Skip to main content

Five Star Restaurant Reservations CVE-2026-54830

| EUVDEUVD-2026-39367 HIGH
Missing Authorization (CWE-862)
2026-06-25 Patchstack GHSA-x239-8vvh-363p
7.5
CVSS 3.1 · Vendor: Patchstack
Share

Severity by source

Vendor (Patchstack) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
vuln.today AI
7.5 HIGH

Unauthenticated network-reachable handler with missing authorization gives AV:N/AC:L/PR:N/UI:N; impact is data modification only, so I:H with C:N and A:N.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (Patchstack).

CVSS VectorVendor: Patchstack

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jun 25, 2026 - 14:18 vuln.today

DescriptionCVE.org

Unauthenticated Broken Access Control in Five Star Restaurant Reservations <= 2.7.19 versions.

AnalysisAI

Missing authorization in the Five Star Restaurant Reservations WordPress plugin (version 2.7.19 and earlier) lets remote unauthenticated attackers invoke protected plugin functionality and modify data without holding any account, per the CVSS PR:N vector. The flaw is a broken access control / missing capability check (CWE-862) reported by Patchstack, with a CVSS 3.1 base score of 7.5 driven entirely by integrity impact (C:N/I:H/A:N). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify WP site running plugin <= 2.7.19
Delivery
Send unauthenticated request to plugin endpoint
Exploit
Bypass missing authorization check
Execution
Invoke privileged action
Impact
Modify reservation data or settings

Vulnerability AssessmentAI

Exploitation Exploitation requires only that a target WordPress site has the Five Star Restaurant Reservations plugin installed and active at version 2.7.19 or earlier, with its vulnerable handler network-reachable (the default for a public WordPress site). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals are moderately serious but not emergency-grade. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker enumerates WordPress sites running the Five Star Restaurant Reservations plugin and sends a crafted request directly to the plugin's unprotected handler (e.g., an admin-ajax or REST action), without logging in. Because the handler lacks a capability/nonce check, the request succeeds and alters reservation data or plugin state. …
Remediation Upgrade the plugin to the latest available release above 2.7.19 from the WordPress plugin repository; consult the Patchstack advisory (https://patchstack.com/database/wordpress/plugin/restaurant-reservations/vulnerability/wordpress-five-star-restaurant-reservations-plugin-2-7-19-broken-access-control-vulnerability) for the confirmed fixed version, as no exact patched version was supplied in the input data. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Disable the Five Star Restaurant Reservations plugin on all WordPress instances; audit database logs for unauthorized reservation modifications since last month. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-54830 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy