Threat Entry Updated 2024-10-18

CVE-2024-9240 - Redi Restaurant Reservation Plugin

The ReDi Restaurant Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 24.0902. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Redi Restaurant Reservation

CVE-2024-9240

MEDIUM CVSS 6.1 2024-10-17

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2021-24299 - Redi Restaurant Reservation Plugin

The ReDi Restaurant Reservation WordPress plugin before 21.0426 provides the functionality to let users make restaurant reservations. These reservations are stored and can be listed on an 'Upcoming' page provided by the plugin. An unauthenticated user can fill in the form to make a restaurant reservation. The form to make a restaurant reservation field called 'Comment' does not use proper input validation and can be used to store XSS payloads. The XSS payloads will be executed when the plugin user goes to the 'Upcoming' page, which is an external website…

PLUGIN Redi Restaurant Reservation

CVE-2021-24299

MEDIUM CVSS 6.1 2021-05-17

Risk Score

Open Full Technical Breakdown