CVE-2026-42670 PUBLISHED

WordPress Five Star Restaurant Reservations plugin <= 2.7.14 - Payment Bypass vulnerability

Assigner: Patchstack
Reserved: 29.04.2026 Published: 02.06.2026 Updated: 02.06.2026

Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Five Star Restaurant Reservations: from n/a through 2.7.14.

Product Status

Vendor	Etoile Web Design Incorporated
Product	Five Star Restaurant Reservations
Versions	Default: unaffected affected from n/a to 2.7.14 (incl.)

Solutions

Update the WordPress Five Star Restaurant Reservations Plugin to the latest available version (at least 2.7.15).

Credits

Evan NR | Patchstack Bug Bounty Program finder

References

https://patchstack.com/database/wordpress/plugin/restaurant-reservations/vulnerability/wordpress-five-star-restaurant-reservations-plugin-2-7-14-payment-bypass-vulnerability?_s_id=cve

Problem Types

CWE-862 Missing Authorization CWE

Impacts

CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels