CVE-2021-24965 - OpenCVE

The Five Star Restaurant Reservations WordPress plugin before 2.4.8 does not have capability and CSRF checks in the rtb_welcome_set_schedule AJAX action, allowing any authenticated users to call it. Due to the lack of sanitisation and escaping, users with a role as low as subscriber could perform Cross-Site Scripting attacks against logged in admins

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fivestarplugins	Five Star Restaurant Reservations

Configuration 1 [-]

cpe:2.3:a:fivestarplugins:five_star_restaurant_reservations:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://wpscan.com/vulnerability/306ecf09-fdf0-449c-930c-9dfa58f0efc2

History

No history.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2022-01-24T08:00:57

Updated: 2024-08-03T19:49:14.377Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24965

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-01-24T08:15:08.900

Modified: 2022-01-28T20:58:21.153

Link: CVE-2021-24965

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Five Star Restaurant Reservations \u2013 WordPress Booking Plugin", "vendor": "Unknown", "versions": [{"lessThan": "2.4.8", "status": "affected", "version": "2.4.8", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Krzysztof Zaj\u0105c"}], "descriptions": [{"lang": "en", "value": "The Five Star Restaurant Reservations WordPress plugin before 2.4.8 does not have capability and CSRF checks in the rtb_welcome_set_schedule AJAX action, allowing any authenticated users to call it. Due to the lack of sanitisation and escaping, users with a role as low as subscriber could perform Cross-Site Scripting attacks against logged in admins"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-01-24T08:00:57", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/306ecf09-fdf0-449c-930c-9dfa58f0efc2"}], "source": {"discovery": "EXTERNAL"}, "title": "Five Star Restaurant Reservations < 2.4.8 - Subscriber+ Stored Cross-Site Scripting", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24965", "STATE": "PUBLIC", "TITLE": "Five Star Restaurant Reservations < 2.4.8 - Subscriber+ Stored Cross-Site Scripting"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Five Star Restaurant Reservations \u2013 WordPress Booking Plugin", "version": {"version_data": [{"version_affected": "<", "version_name": "2.4.8", "version_value": "2.4.8"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Krzysztof Zaj\u0105c"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Five Star Restaurant Reservations WordPress plugin before 2.4.8 does not have capability and CSRF checks in the rtb_welcome_set_schedule AJAX action, allowing any authenticated users to call it. Due to the lack of sanitisation and escaping, users with a role as low as subscriber could perform Cross-Site Scripting attacks against logged in admins"}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/306ecf09-fdf0-449c-930c-9dfa58f0efc2", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/306ecf09-fdf0-449c-930c-9dfa58f0efc2"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:49:14.377Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpscan.com/vulnerability/306ecf09-fdf0-449c-930c-9dfa58f0efc2"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24965", "datePublished": "2022-01-24T08:00:57", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2024-08-03T19:49:14.377Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fivestarplugins:five_star_restaurant_reservations:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "688F2BE1-A848-4C9E-91A8-4340D36D4E7B", "versionEndExcluding": "2.4.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Five Star Restaurant Reservations WordPress plugin before 2.4.8 does not have capability and CSRF checks in the rtb_welcome_set_schedule AJAX action, allowing any authenticated users to call it. Due to the lack of sanitisation and escaping, users with a role as low as subscriber could perform Cross-Site Scripting attacks against logged in admins"}, {"lang": "es", "value": "El plugin Five Star Restaurant Reservations de WordPress versiones anteriores a 2.4.8, no presenta comprobaciones de capacidad y CSRF en la acci\u00f3n AJAX rtb_welcome_set_schedule, permitiendo que cualquier usuario autenticado la llame. Debido a una falta de saneo y escape, los usuarios con un rol tan bajo como el de suscriptor podr\u00edan llevar a cabo ataques de tipo Cross-Site Scripting contra administradores conectados"}], "id": "CVE-2021-24965", "lastModified": "2022-01-28T20:58:21.153", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-24T08:15:08.900", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/306ecf09-fdf0-449c-930c-9dfa58f0efc2"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "contact@wpscan.com", "type": "Primary"}]}