CVE-2024-9240 – The ReDi Restaurant Reservation plugin for WordPress is vulnerable to Reflected …

17 October 2024

Vuln ID: CVE-2024-9240

Published: 2024-10-17 02:15:03.243

Description: The ReDi Restaurant Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 24.0902. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Base Score: 6.1 – MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Source: NVD.NIST.GOV

Date:

17 October 2024

Categorie(s):

NVD

Tag(s):

NVD

New infosec products of the week: October 18, 202418 October 2024
CyberRisk TV live show wrap up from Oktane 202418 October 2024
Oktane 2024: Staying ahead of identity threats – David Bradbury 18 October 2024
Uncle Sam puts $10M bounty on Russian troll farm Rybar18 October 2024
Cicada3301 ransomware affiliate program infiltrated by security researchers18 October 2024