Skip to main content

Five Star Restaurant Reservations CVE-2026-25327

| EUVDEUVD-2026-15643 MEDIUM
Missing Authorization (CWE-862)
2026-03-25 Patchstack GHSA-v96j-6v36-85g6
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
Low

Lifecycle Timeline

3
EUVD ID Assigned
Mar 25, 2026 - 16:47 euvd
EUVD-2026-15643
Analysis Generated
Mar 25, 2026 - 16:47 vuln.today
CVE Published
Mar 25, 2026 - 16:14 nvd
MEDIUM 6.5

DescriptionCVE.org

Missing Authorization vulnerability in Rustaurius Five Star Restaurant Reservations restaurant-reservations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Five Star Restaurant Reservations: from n/a through <= 2.7.9.

AnalysisAI

Rustaurius Five Star Restaurant Reservations through version 2.7.9 contains an authorization bypass vulnerability that allows unauthenticated attackers to modify reservation data and disrupt service availability by exploiting misconfigured access controls. The vulnerability requires no user interaction and can be triggered remotely, enabling attackers to tamper with restaurant operations without authentication. No patch is currently available for this vulnerability.

Technical ContextAI

The vulnerability stems from improper implementation of access control mechanisms in the Five Star Restaurant Reservations WordPress plugin (identified via CPE cpe:2.3:a:rustaurius:five_star_restaurant_reservations:*:*:*:*:*:*:*:*). The root cause is classified under CWE-862 (Missing Authorization), which describes scenarios where software fails to properly enforce that a user cannot perform a particular action. In WordPress plugins, this typically manifests as missing or inadequate capability checks (is_user_logged_in(), current_user_can()) on administrative or sensitive functions. The plugin's reservation management system likely exposes endpoints or functionalities that should be restricted to authenticated administrators or restaurant owners but instead are accessible to unauthenticated users or lower-privileged accounts due to misconfigured security levels.

RemediationAI

Immediately upgrade the Five Star Restaurant Reservations plugin to version 2.7.10 or later (assuming a patched version has been released beyond 2.7.9). Review the vendor advisory at Patchstack (https://patchstack.com/database/Wordpress/Plugin/restaurant-reservations/vulnerability/wordpress-five-star-restaurant-reservations-plugin-2-7-9-broken-access-control-vulnerability?_s_id=cve) for specific patch details. As a temporary workaround pending an official patch, restrict direct access to the plugin's administrative endpoints using WordPress security plugins that enforce role-based access control, and review user roles and permissions to ensure only trusted administrators have access to reservation management functions. Additionally, audit access logs for unauthorized attempts to modify reservation data or access sensitive booking information.

Share

CVE-2026-25327 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy