WordPress ReDi Restaurant Reservation plugin <= 23.0211 - Broken Access Control vulnerability
CVE-2023-36510

7.3HIGH

Key Information:

Vendor: WordPress
Status: Redi Restaurant Reservation
Vendor: CVE Published:; 13 December 2024

Summary

The ReDi Restaurant Reservation plugin is affected by a missing authorization vulnerability that arises from improperly configured access control security levels. This flaw allows unauthorized users to potentially exploit the system, gaining access to features and data that should be restricted. The affected versions, ranging from n/a up to 23.0211, may expose users to significant security risks if not addressed promptly. It is crucial for users of this plugin to review their configurations and implement necessary security measures.

Affected Version(s)

ReDi Restaurant Reservation <= 23.0211

References

https://patchstack.com/database/wordpress/plugin/redi-res...

vdb-entry

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2024
Vulnerability Reserved
Jun 22, 2023

Credit

Abdi Pranata (Patchstack Alliance)