Missing Authorization Vulnerability in Rustaurius Five Star Restaurant Reservations Plugin
CVE-2026-25327

6.5MEDIUM

Key Information:

Vendor

WordPress
Status
Five Star Restaurant Reservations
Vendor
CVE Published:
25 March 2026

What is CVE-2026-25327?

A missing authorization vulnerability in the Rustaurius Five Star Restaurant Reservations plugin allows attackers to exploit incorrectly configured access control settings. This flaw affects users running versions up to and including 2.7.9, potentially allowing unauthorized access to features and sensitive information. It is essential for administrators to update to the latest version to mitigate this risk and ensure proper security controls are in place.

Affected Version(s)

Five Star Restaurant Reservations 0 <= 2.7.9

References

https://patchstack.com/database/Wordpress/Plugin/restaura...
vdb-entry

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

johska | Patchstack Bug Bounty Program
.