The Five Star Restaurant Reservations plugin for WordPress is vulnerable to a payment bypass via PHP type juggling in versions up to, and including, 2.7.16 This is due to the valid_payment() function using a PHP loose comparison (==) between the attacker-controlled payment_id POST parameter and the booking's stripe_payment_intent_id property. When an unauthenticated attacker submits a request to the nopriv AJAX handler rtb_stripe_pmt_succeed before the Stripe payment intent has been created for a booking (i.e., before the JavaScript-triggered create_stripe_pmtIntnt() call has stored an intent ID in post meta), the stripe_payment_intent_id property on the booking object remains null. The comparison sanitize_text_field('') == null evaluates to TRUE in PHP loose comparison, causing the payment verification check to pass with zero actual payment. This makes it possible for unauthenticated attackers to mark any existing payment_pending booking as paid without completing a Stripe payment by submitting an empty payment_id parameter.
The Five Star Restaurant Reservations WordPress plugin versions up to 2.7.16 contain a payment bypass vulnerability through PHP type juggling in the valid_payment() function. Unauthenticated attackers can bypass payment verification by exploiting loose comparison between attacker-controlled parameters and null values, allowing free restaurant reservations.
تحتوي إضافة Five Star Restaurant Reservations للووردبريس على ثغرة في وظيفة التحقق من الدفع تستخدم مقارنة PHP فضفاضة بين معرف الدفع الذي يتحكم به المهاجم وخاصية stripe_payment_intent_id. عندما يكون معرف نية الدفع فارغاً أو غير محدد، تتقيم المقارنة إلى TRUE مما يسمح بتجاوز التحقق من الدفع. يمكن للمهاجمين غير المصرح لهم استغلال هذه الثغرة لإجراء حجوزات مطاعم مجانية دون دفع فعلي.
Five Star Restaurant Reservations WordPress plugin up to version 2.7.16 is vulnerable to payment bypass via PHP type juggling in the valid_payment() function. Attackers can exploit loose comparison logic to bypass payment verification and make free reservations without authentication.
Update the Five Star Restaurant Reservations plugin to version 2.7.17 or later immediately. Implement strict type comparison (===) instead of loose comparison (==) in payment validation functions. Verify all payment transactions with Stripe API before processing reservations. Disable the vulnerable AJAX handler for unauthenticated users and require authentication for payment processing.
قم بتحديث إضافة Five Star Restaurant Reservations إلى الإصدار 2.7.17 أو أحدث فوراً. استخدم المقارنة الصارمة (===) بدلاً من المقارنة الفضفاضة (==) في وظائف التحقق من الدفع. تحقق من جميع معاملات الدفع مع Stripe API قبل معالجة الحجوزات. عطّل معالج AJAX الضعيف للمستخدمين غير المصرح لهم وطلب المصادقة لمعالجة الدفع.