VYPR

Alex Reservations

by WordPress

Source repositories

CVEs (2)

  • CVE-2025-12399HigNov 8, 2025
    risk 0.40cvss 7.2epss 0.01

    The Alex Reservations: Smart Restaurant Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /wp-json/srr/v1/app/upload/file REST endpoint in all versions up to, and including, 2.2.3. This makes it possible for…

  • CVE-2024-13380MedJan 30, 2025
    risk 0.35cvss 6.4epss 0.00

    The Alex Reservations: Smart Restaurant Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rr_form' shortcode in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping on user supplied…