What the vulnerability does
01 Description
Authorization Bypass Through User-Controlled Key vulnerability in Rustaurius Five Star Restaurant Reservations restaurant-reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through <= 2.7.4.
Explanation of Vulnerability in Simple Terms
02 Summary
Five Star Restaurant Reservations versions 2.7.4 and earlier contain an authorization flaw that allows unauthenticated attackers to read sensitive reservation data and make limited modifications over the network. No user interaction is required. The vulnerability affects confidentiality and integrity of reservation information.
What an attacker can do
03 Attacker Capabilities
Read other users' reservation data and make limited changes without logging in.
Potential impact on your site
04 Site Impact
Reservation data (customer names, contact info, booking details) can be accessed and modified by anyone on the internet.
Conditions required to exploit
05 Prerequisites
Network access to the affected plugin; no authentication or user interaction required.
Key dates
06 Disclosure timeline
January 5, 2026: CVE published
April 28, 2026: Record updated