CVE-2026-25327
Received Received - Intake
Missing Authorization in Rustaurius Five Star Restaurant Reservations

Publication date: 2026-03-25

Last updated on: 2026-04-29

Assigner: Patchstack

Description
Missing Authorization vulnerability in Rustaurius Five Star Restaurant Reservations restaurant-reservations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Five Star Restaurant Reservations: from n/a through <= 2.7.9.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-03-25
EPSS Evaluated
2026-06-15
NVD
CVE-2026-25327
EUVD
EUVD-2026-15643
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
five_star_restaurant_reservations restaurant_reservations to 2.7.9 (inc)
patchstack five_star_restaurant_reservations to 2.7.9 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

CVE-2026-25327 is a broken access control vulnerability that allows unauthenticated users to perform actions reserved for higher-privileged users in the Five Star Restaurant Reservations plugin. Such missing authorization issues can lead to unauthorized access to sensitive data or functionality.

While the provided information does not explicitly mention compliance with standards like GDPR or HIPAA, broken access control vulnerabilities generally pose risks to data confidentiality and integrity, which are critical components of these regulations. Exploitation could potentially lead to unauthorized data exposure or modification, thereby impacting compliance.

Therefore, organizations using affected versions of this plugin should consider the vulnerability a risk to regulatory compliance and apply patches promptly to mitigate potential breaches.

Executive Summary

This vulnerability is a Missing Authorization issue in the Rustaurius Five Star Restaurant Reservations system. It occurs due to incorrectly configured access control security levels, which means that the system does not properly verify whether a user has the necessary permissions to perform certain actions.

Impact Analysis

Because of the missing authorization checks, unauthorized users might be able to access or manipulate reservation data or perform actions they should not be allowed to. This can lead to data breaches, unauthorized modifications, or other security issues within the restaurant reservation system.

Detection Guidance

This vulnerability arises from missing authorization, authentication, or nonce token checks in certain functions of the Five Star Restaurant Reservations plugin, allowing unauthenticated users to perform privileged actions.

Detection would involve checking for unauthorized access attempts or unusual activity targeting the plugin's endpoints that should require higher privileges.

Specific commands or detection scripts are not provided in the available information.

Mitigation Strategies

The primary mitigation step is to update the Five Star Restaurant Reservations plugin to version 2.7.10 or later, where the vulnerability has been patched.

Additionally, enabling auto-updates for vulnerable plugins can help ensure timely application of security fixes.

Since the vulnerability allows unauthenticated exploitation, restricting access to the plugin's endpoints via web application firewalls or other access control mechanisms may provide temporary protection until the update is applied.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25327. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart