CVE-2021-24965

Name of the Vulnerable Software and Affected Versions Five Star Restaurant Reservations WordPress plugin versions prior to 2.4.8

Description The issue concerns a lack of capability and CSRF checks in the rtb welcome set schedule AJAX action. This allows any authenticated users to call the action, and due to insufficient sanitisation and escaping, users with a role as low as subscriber can perform Cross-Site Scripting attacks against logged-in admins.

Recommendations For versions prior to 2.4.8, update to version 2.4.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the rtb welcome set schedule AJAX action to prevent exploitation.