Skip to main content

Five Star Restaurant Reservations

4 CVEs product

Monthly

CVE-2026-54830 HIGH This Week

Missing authorization in the Five Star Restaurant Reservations WordPress plugin (version 2.7.19 and earlier) lets remote unauthenticated attackers invoke protected plugin functionality and modify data without holding any account, per the CVSS PR:N vector. The flaw is a broken access control / missing capability check (CWE-862) reported by Patchstack, with a CVSS 3.1 base score of 7.5 driven entirely by integrity impact (C:N/I:H/A:N). No public exploit code or active exploitation has been identified at time of analysis.

Authentication Bypass Five Star Restaurant Reservations
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-42670 HIGH This Week

Information disclosure in the Five Star Restaurant Reservations WordPress plugin (versions up to and including 2.7.14) allows unauthenticated remote attackers to bypass access control checks due to a missing authorization flaw (CWE-862). Patchstack characterizes the issue as a payment bypass vulnerability, meaning attackers can exercise restaurant reservation or payment-related functionality that should require proper authorization. No public exploit identified at time of analysis, and EPSS is very low (0.02%), suggesting it is not currently being mass-exploited.

Authentication Bypass Five Star Restaurant Reservations
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-25327 MEDIUM This Month

Rustaurius Five Star Restaurant Reservations through version 2.7.9 contains an authorization bypass vulnerability that allows unauthenticated attackers to modify reservation data and disrupt service availability by exploiting misconfigured access controls. The vulnerability requires no user interaction and can be triggered remotely, enabling attackers to tamper with restaurant operations without authentication. No patch is currently available for this vulnerability.

Authentication Bypass Five Star Restaurant Reservations
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2022-0421 MEDIUM POC This Month

The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Five Star Restaurant Reservations
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
EPSS 0% CVSS 7.5
HIGH This Week

Missing authorization in the Five Star Restaurant Reservations WordPress plugin (version 2.7.19 and earlier) lets remote unauthenticated attackers invoke protected plugin functionality and modify data without holding any account, per the CVSS PR:N vector. The flaw is a broken access control / missing capability check (CWE-862) reported by Patchstack, with a CVSS 3.1 base score of 7.5 driven entirely by integrity impact (C:N/I:H/A:N). No public exploit code or active exploitation has been identified at time of analysis.

Authentication Bypass Five Star Restaurant Reservations
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Information disclosure in the Five Star Restaurant Reservations WordPress plugin (versions up to and including 2.7.14) allows unauthenticated remote attackers to bypass access control checks due to a missing authorization flaw (CWE-862). Patchstack characterizes the issue as a payment bypass vulnerability, meaning attackers can exercise restaurant reservation or payment-related functionality that should require proper authorization. No public exploit identified at time of analysis, and EPSS is very low (0.02%), suggesting it is not currently being mass-exploited.

Authentication Bypass Five Star Restaurant Reservations
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Rustaurius Five Star Restaurant Reservations through version 2.7.9 contains an authorization bypass vulnerability that allows unauthenticated attackers to modify reservation data and disrupt service availability by exploiting misconfigured access controls. The vulnerability requires no user interaction and can be triggered remotely, enabling attackers to tamper with restaurant operations without authentication. No patch is currently available for this vulnerability.

Authentication Bypass Five Star Restaurant Reservations
NVD VulDB
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Five Star Restaurant Reservations
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy