A security researcher has discovered a cross-site scripting (XSS) vulnerability in the ReDi Restaurant Reservation WordPress plugin. Bastijn Ouwendijk has publicly shared his findings on the popular WordPress plugin, which is used to manage reservations for online businesses. The ReDi Restaurant Reservation plugin currently has more than 1,000 live installations.
Ouwendijk stated in his post that attackers who exploit the plugin's bug would be able to run malicious code in order to steal customers’ data, cookies, and other sensitive information. “This vulnerability allows an unauthenticated attacker to store malicious JavaScript code into the external ‘upcoming reservations’ webpage where restaurant reservations of the plugin are listed,” Ouwendijk said in his post.