Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2026-04-30
CVE-2026-6498 - Five Star Restaurant Reservations Plugin
The Five Star Restaurant Reservations plugin for WordPress is vulnerable to a payment bypass via PHP type juggling in versions up to, and including, 2.7.16 This is due to the valid_payment() function using a PHP loose comparison (==) between the attacker-controlled payment_id POST parameter and the booking's stripe_payment_intent_id property. When an unauthenticated attacker submits a request to the nopriv AJAX handler rtb_stripe_pmt_succeed before the Stripe payment intent has been created for a booking (i.e., before the JavaScript-triggered create_stripe_pmtIntnt() call has stored an intent ID in post meta), the stripe_payment_intent_id property…
PLUGIN
Five Star Restaurant Reservations
CVE-2026-6498
Risk Score
Threat Entry
Updated 2026-04-15
CVE-2026-0658 - Five Star Restaurant Reservations Plugin
The Five Star Restaurant Reservations WordPress plugin before 2.7.9 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting bookings via CSRF attacks.
PLUGIN
Five Star Restaurant Reservations
CVE-2026-0658
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2021-24965 - Five Star Restaurant Reservations Plugin
The Five Star Restaurant Reservations WordPress plugin before 2.4.8 does not have capability and CSRF checks in the rtb_welcome_set_schedule AJAX action, allowing any authenticated users to call it. Due to the lack of sanitisation and escaping, users with a role as low as subscriber could perform Cross-Site Scripting attacks against logged in admins
PLUGIN
Five Star Restaurant Reservations
CVE-2021-24965
Risk Score