CVE-2026-42670

Vulnerability

A missing authorization vulnerability exists in Etoile Web Design Incorporated's Five Star Restaurant Reservations plugin for WordPress. This issue affects versions up to and including 2.7.14. It stems from incorrectly configured access control, specifically a missing authorization check in a function that allows unprivileged users to execute higher-privileged actions [1].

Exploitation

An attacker can exploit this vulnerability by leveraging the missing authorization check. This typically involves an unprivileged user attempting to execute a function that requires higher privileges. The exact steps depend on the specific function affected, but the core requirement is the absence of proper access control checks [1].

Impact

Successful exploitation allows an unprivileged user to perform actions normally reserved for users with higher privileges. While the provided reference suggests a low severity impact and that it is unlikely to be exploited, the potential exists for unauthorized actions to be taken within the plugin's functionality [1].

Mitigation

To resolve this vulnerability, update the Five Star Restaurant Reservations plugin to version 2.7.15 or later. If an immediate update is not possible, users should seek assistance from their hosting provider or web developer. Patchstack users can enable auto-updates for vulnerable plugins [1].