Description
Unauthenticated Broken Access Control in Five Star Restaurant Reservations <= 2.7.19 versions.
Published: 2026-06-25
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Unauthenticated Broken Access Control in the Five Star Restaurant Reservations plugin allows an attacker to perform privileged actions without proper authorization. The weakness, identified as CWE-862, could enable unauthorized users to view, modify, or delete reservation data, potentially compromising confidentiality, integrity, and availability of the reservation system.

Affected Systems

Any WordPress site that has the Five Star Restaurant Reservations plugin version 2.7.19 or earlier installed. The plugin is produced by Etoile Web Design Incorporated and is intended for restaurant reservation management.

Risk and Exploitability

The CVSS score of 7.5 indicates a medium-to-high severity. While no EPSS score is available, the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, suggesting no confirmed exploits yet. The attack vector is likely through unauthenticated web requests to the plugin’s endpoints. The potential impact is significant, especially on sites that rely on the plugin for reservation operations, and the risk warrants prompt remediation.

Generated by OpenCVE AI on June 25, 2026 at 16:05 UTC.

Remediation

Vendor Solution

Update the WordPress Five Star Restaurant Reservations Plugin to the latest available version (at least 2.7.20).

OpenCVE Recommended Actions

  • Update the Five Star Restaurant Reservations plugin to version 2.7.20 or later.
  • Remove or disable any inactive or unused plugin instances to reduce the attack surface.
  • Implement network or application level controls to restrict access to the plugin’s endpoints, ensuring only authenticated users can interact with reservation data.

Generated by OpenCVE AI on June 25, 2026 at 16:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 14:00:00 +0000

Type Values Removed Values Added
Description Unauthenticated Broken Access Control in Five Star Restaurant Reservations <= 2.7.19 versions.
Title WordPress Five Star Restaurant Reservations plugin <= 2.7.19 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-25T13:12:32.943Z

Reserved: 2026-06-16T09:21:51.803Z

Link: CVE-2026-54830

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T16:15:15Z

Weaknesses