PT-2022-18469 · WordPress · The Ketchup Restaurant Reservations
Bastijn Ouwendijk
·
Published
2022-09-19
·
Updated
2022-09-21
·
CVE-2022-2753
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
The Ketchup Restaurant Reservations WordPress plugin versions 1.0.0 and earlier
Description
The issue allows unauthenticated attackers to perform Cross-Site Scripting attacks when a logged-in admin views a malicious reservation made through the plugin. This is due to the plugin not sanitizing and escaping some of the reservation user inputs.
Recommendations
For The Ketchup Restaurant Reservations WordPress plugin version 1.0.0 and earlier, consider updating to a newer version that addresses this issue, as the current version does not properly sanitize user inputs, leading to potential Cross-Site Scripting attacks.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
The Ketchup Restaurant Reservations