Skip to main content

Five Star Restaurant Menu EUVDEUVD-2026-39679

| CVE-2026-54835 HIGH
Missing Authorization (CWE-862)
2026-06-26 audit@patchstack.com GHSA-8gj3-qcvj-2568
7.5
CVSS 3.1 · Vendor: patchstack
Share

Severity by source

Vendor (patchstack) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
vuln.today AI
7.5 HIGH

Unauthenticated network-reachable endpoint with missing authorization gives AV:N/AC:L/PR:N/UI:N; integrity-only impact per broken-access-control write, so C:N/I:H/A:N.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (patchstack).

CVSS VectorVendor: patchstack

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jun 26, 2026 - 15:36 vuln.today

DescriptionCVE.org

Unauthenticated Broken Access Control in Five Star Restaurant Menu <= 2.5.2 versions.

AnalysisAI

Improper authorization in the Five Star Restaurant Menu WordPress plugin (versions <= 2.5.2) lets unauthenticated remote attackers invoke restricted functionality and modify data without any credentials. The CVSS 3.1 vector (AV:N/PR:N/UI:N) and CWE-862 indicate the plugin exposes one or more actions that lack capability/nonce checks, scored 7.5 with integrity-only impact (C:N/I:H/A:N). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify WordPress site running vulnerable plugin
Exploit
Craft unauthenticated request to plugin endpoint
Execution
Bypass missing authorization check
Impact
Modify menu or plugin data

Vulnerability AssessmentAI

Exploitation The affected product is the Five Star Restaurant Menu WordPress plugin at version 2.5.2 or earlier, which must be installed and active on the target site - that is the core prerequisite. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are partially conflicting and incomplete. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker enumerates WordPress sites running the Five Star Restaurant Menu plugin and sends a crafted unauthenticated HTTP request directly to the plugin's vulnerable action endpoint. Because the endpoint omits authorization and nonce checks, the request succeeds and modifies menu data or other plugin-controlled state without any login. …
Remediation No vendor-released patch version was identified in the provided data, so update to the latest available release of the Five Star Restaurant Menu plugin and consult the Patchstack advisory (https://patchstack.com/database/wordpress/plugin/food-and-drink-menu/vulnerability/wordpress-five-star-restaurant-menu-plugin-2-5-2-broken-access-control-vulnerability?_s_id=cve) for the fixed version once published, since versions <= 2.5.2 are vulnerable. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all WordPress installations and identify which are running Five Star Restaurant Menu plugin versions ≤2.5.2. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-39679 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy