The Five Star Restaurant Menu plugin is susceptible to an unauthenticated broken access control vulnerability, potentially allowing unauthorized users to manipulate restaurant menu configurations.

The vulnerability stems from insufficient access control checks, enabling unauthenticated attackers to interact with internal plugin functions. This bypass allows attackers to perform actions that should be restricted to authenticated administrative users.

Exploitation of this flaw could result in unauthorized modifications to website content, such as menu items or pricing, leading to reputational damage and potential business disruption. The CVSS score of 7.5 (High) reflects the severity of allowing unauthenticated actors to exert control over plugin functionality.

Immediate Action: Apply the latest security update from the vendor to remediate the access control flaw.

Proactive Monitoring: Monitor for unauthorized administrative changes or unexpected modifications to menu content within the application.

Compensating Controls: Utilize a Web Application Firewall (WAF) to restrict access to sensitive plugin endpoints that do not require valid administrative sessions.

Public Exploit Available: false

Organizations utilizing the Five Star Restaurant Menu plugin must verify their current version and update to the latest patched release to prevent unauthorized administrative actions. Given the high risk associated with unauthenticated access control, prompt remediation is essential to maintain the integrity of the web presence and prevent potential malicious manipulation.