Description
Unauthenticated Broken Access Control in Five Star Restaurant Menu <= 2.5.2 versions.
Published: 2026-06-26
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Five Star Restaurant Menu plugin for WordPress contains an unauthenticated broken access control flaw (CWE‑862) in versions 2.5.2 and earlier. The weakness allows any visitor to access privileged plugin functions without needing to authenticate. Attackers could modify menu settings, add or delete menu items, or otherwise tamper with the restaurant’s online menu content, potentially affecting business reputation and user experience.

Affected Systems

The vulnerability affects the Rustaurius Five Star Restaurant Menu plugin for WordPress. All installations using version 2.5.2 or earlier are susceptible.

Risk and Exploitability

The flaw carries a CVSS score of 7.5, indicating high severity. EPSS data is not available, and the issue has not been listed in CISA’s KEV catalog. Because the plugin does not enforce an authorization check (CWE‑862), a typical attack vector would involve an anonymous user interacting directly with the plugin’s administration or API endpoints. No special setup or privileged account is required, so the risk of exploitation on exposed websites is high.

Generated by OpenCVE AI on June 26, 2026 at 17:50 UTC.

Remediation

Vendor Solution

Update the WordPress Five Star Restaurant Menu Plugin to the latest available version (at least 2.5.3).


OpenCVE Recommended Actions

  • Upgrade to plugin version 2.5.3 or later, which restores proper access control checks.
  • Enforce strict role‑based access control so that only authorized users can call administrative or API endpoints of the plugin.
  • If an immediate upgrade is not possible, temporarily disable the plugin on non‑production or staging environments until the patch is applied.


Advisories

No advisories yet.

History

Fri, 26 Jun 2026 15:15:00 +0000

Type | Values Removed | Values Added
Description | | Unauthenticated Broken Access Control in Five Star Restaurant Menu <= 2.5.2 versions.
Title | | WordPress Five Star Restaurant Menu plugin <= 2.5.2 - Broken Access Control vulnerability
Weaknesses | | CWE-862
References | |
Metrics | | cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-26T14:52:25.039Z

Reserved: 2026-06-16T09:21:57.269Z

Link: CVE-2026-54835

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-26T18:00:06Z

Weaknesses