Impact
This vulnerability is a missing authorization flaw in the Five Star Restaurant Reservations plugin that lets attackers exploit incorrectly configured access control levels. Because the plugin fails to enforce proper checks, unauthorized users can trigger payment processing functions that should be restricted to privileged roles. The result is a payment bypass that allows the creation of fraudulent transactions or the manipulation of reservation payments.
Affected Systems
The affected product is the Five Star Restaurant Reservations plugin developed by Etoile Web Design Incorporated. All released versions up to and including 2.7.14 are impacted, while version 2.7.15 and later have the fix applied. No specific operating system or WordPress core version is mentioned, so the vulnerability applies to any WordPress installation using the vulnerable plugin.
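A triage check for the version range above, as an added example that is not taken from the advisory or the plugin's code. The plugin directory name `restaurant-reservations` is an assumption (the advisory does not state it), and the sample header is constructed.

```python
import re
from pathlib import Path

FIXED = (2, 7, 15)  # advisory: 2.7.14 and earlier affected, 2.7.15 and later fixed
SLUG = "restaurant-reservations"  # assumed directory name, not given in the advisory

# Constructed sample of a WordPress plugin header, for illustration only.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Five Star Restaurant Reservations
 * Version: 2.7.14
 */
"""

def parse_version(text):
    """Return the numeric tuple from a 'Version:' header line, or None."""
    m = re.search(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)", text, re.M | re.I)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # pad so "2.7" compares as 2.7.0
    return tuple(parts)

def classify(header_text):
    """Map a plugin header to 'affected', 'fixed' or 'unknown'."""
    version = parse_version(header_text)
    if version is None:
        return "unknown"  # no readable header: needs manual review
    return "affected" if version < FIXED else "fixed"

def scan(wp_root):
    """Classify the plugin under one WordPress root directory."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / SLUG
    if not plugin_dir.is_dir():
        return "not installed"
    for php in sorted(plugin_dir.glob("*.php")):
        # WordPress itself only reads the first 8 KB when looking for headers.
        head = php.read_text(errors="replace")[:8192]
        if re.search(r"Plugin Name:", head):
            return classify(head)
    return "unknown"

if __name__ == "__main__":
    import sys
    for root in sys.argv[1:]:
        print(root, scan(root))
```

An `unknown` result means the directory exists but no version header could be read, so the install should be checked by hand rather than assumed fixed.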
Risk and Exploitability
The CVSS base score is 7.5 and the EPSS score is <1%. The vulnerability is not listed in KEV, indicating no publicly known exploits. Based on the description, the likely attack vector is a remote web request to the plugin's payment endpoint that bypasses authorization checks. An attacker able to interact with the site could exploit this flaw without privileged credentials, leading to unauthorized payment processing. Although the EPSS score is low (<1%), organizations should treat the issue as high risk because it directly affects financial transactions.
OpenCVE Enrichment