Description

WordPress Plugin Ketchup Restaurant Reservations is prone to multiple vulnerabilities, including cross-site scripting and SQL injection vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials, or to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin Ketchup Restaurant Reservations version 1.0.0 is vulnerable.

Remediation

Disable and remove the plugin until a fix is available

References

https://sploitus.com/exploit?id=WPEX-ID:3C6CC46E-E18A-4F34-AC09-F30CA74A1182

https://sploitus.com/exploit?id=WPEX-ID:E3C6D137-FF6E-432A-A21A-B36DC81F73C5

https://wordpress.org/plugins/ketchup-restaurant-reservations/#description

Related Vulnerabilities

Joomla CVE-2022-27911 Vulnerability (CVE-2022-27911)

WordPress Plugin GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership Arbitrary File Upload (1.4.14)

PHP Other Vulnerability (CVE-2007-4255)

WordPress Plugin Easy Media Download Cross-Site Scripting (1.1.6)

WordPress Plugin Jigoshop-Store Toolkit Privilege Escalation (1.3.8)

Severity

High

Classification

CVE-2022-2753 CVE-2022-2754 CWE-79 CWE-89 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update