Platform
wordpress
Component
restaurant-reservations
Fixed in
2.7.9
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Five Star Restaurant Reservations plugin for WordPress. The flaw lets an attacker trick an authenticated user's browser into submitting a reservation action the user never intended, which can lead to unauthorized modifications or deletions within the restaurant reservation system. All versions up to and including 2.7.8 are affected; the fix is in version 2.7.9.
The attack works because the browser attaches the victim's WordPress authentication cookie to any request sent to the site, including requests triggered by a page under the attacker's control (a hidden, auto-submitting form is enough). The plugin's affected handler does not verify that the request originated from its own page, so the forged request is processed with the victim's privileges: reservations can be created, modified or deleted as that user. CSRF is a write-only attack; the attacker cannot read the response, so it does not by itself disclose data. Exploitation requires that the victim is logged in to the WordPress site and opens the attacker's page during that session. Browsers that apply a SameSite=Lax cookie default block the plainest cross-site POST, but they still send the cookie on top-level GET navigations, so a handler reachable by GET remains exploitable. The impact is greatest when the targeted user is an administrator. No real-world exploitation has been publicly reported, but missing-nonce CSRF flaws are among the most common findings in WordPress plugins.
CVE-2025-68601 was publicly disclosed on December 24, 2025. No public proof-of-concept exploit is known, the vulnerability is not listed in the CISA KEV catalog, and its EPSS score is 0.02% (6th percentile). The medium CVSS rating reflects the need for user interaction and the limited scope of what a forged request can do, not that exploitation takes significant effort: once the request format of the unprotected action is known, a CSRF page is trivial to build.
Any site running an affected version of the plugin is exposed, in particular sites whose administrators or staff stay logged in while browsing elsewhere. Shared hosting does not change the picture: CSRF abuses the victim's browser session rather than the server, so this flaw in one tenant's installation cannot be used to reach another tenant's site.
• wordpress:
    # Read the installed version from the plugin header. The directory name follows the
    # Component field above; the grep matches the " * Version:" line of the main plugin file.
    grep -hi -m1 '^[ *]*Version:' wp-content/plugins/restaurant-reservations/*.php
    # Or, where WP-CLI is available:
    wp plugin get restaurant-reservations --field=version
• generic web:
    Confirm the version from the WordPress admin Plugins page. Probing admin-ajax.php with an unauthenticated request cannot show whether a handler verifies a nonce, so an HTTP-level check of the site is not a reliable test for this flaw; the version number is.
Exploit status
EPSS
0.02% (6th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-68601 is to upgrade the Five Star Restaurant Reservations plugin to version 2.7.9 or later. If an immediate upgrade is not possible because of compatibility concerns, a WAF or reverse-proxy rule that rejects state-changing requests to the plugin's endpoints whose Origin or Referer header does not match the site's own origin is an effective stopgap: browsers set those headers on cross-site requests and a CSRF page cannot strip them. Input validation and a Content Security Policy do not address this flaw. CSRF exploits a missing request-origin check, not unsafe input, and CSP governs what the victim's page may load, not what other origins may send to the site. After upgrading, verify the fix from a logged-in session: capture a legitimate reservation request, replay it with the nonce field removed or altered, and confirm that the plugin rejects it (a WordPress nonce check on an AJAX endpoint answers with HTTP 403, an admin-form check shows the "The link you followed has expired." page). Submitting from an incognito window only shows that unauthenticated requests are refused, which is not what CSRF protection guards against.
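The pattern behind a missing-nonce CSRF, and the fix that version 2.7.9 is expected to contain in some form, is easiest to see in code. The following is an added example written for this page, not code from the Five Star Restaurant Reservations plugin: a generic WordPress admin-ajax handler in its CSRF-prone shape beside its hardened form. The action name example_add_reservation, the manage_options capability, the option name and the POST field names are assumptions chosen for illustration and say nothing about how the plugin's own handler is written.

```php
<?php
/**
 * Added example, not code from the Five Star Restaurant Reservations plugin.
 * Shows the generic WordPress pattern behind a missing-nonce CSRF and its fix.
 * Action name, capability, option name and field names are assumptions.
 */

// Hypothetical persistence helper shared by both handlers below.
function example_store_reservation( $date, $guests ) {
    $all   = get_option( 'example_reservations', array() );
    $all[] = array( 'date' => $date, 'guests' => $guests, 'by' => get_current_user_id() );
    update_option( 'example_reservations', $all, false );
}

// BEFORE (CSRF-prone): a logged-in session is treated as proof of intent.
// Any page the victim opens can auto-submit a form to admin-ajax.php; the browser
// attaches the WordPress auth cookie and the reservation is stored as the victim.
function example_add_reservation_before() {
    $date   = sanitize_text_field( wp_unslash( $_POST['reservation_date'] ?? '' ) );
    $guests = absint( $_POST['party_size'] ?? 0 );
    example_store_reservation( $date, $guests );
    wp_send_json_success( array( 'stored' => true ) ); // terminates the request
}

// AFTER (hardened): the request must carry a nonce minted for this user and this
// action, and authorization is checked separately (a nonce proves intent, not
// privilege). check_ajax_referer() reads _ajax_nonce (falling back to _wpnonce)
// and replies HTTP 403 with body "-1" when it is absent, stale or forged.
function example_add_reservation_after() {
    check_ajax_referer( 'example_add_reservation' );

    if ( ! current_user_can( 'manage_options' ) ) { // capability is an assumption
        wp_send_json_error( array( 'message' => 'insufficient capability' ), 403 );
    }

    $date   = sanitize_text_field( wp_unslash( $_POST['reservation_date'] ?? '' ) );
    $guests = absint( $_POST['party_size'] ?? 0 );
    if ( '' === $date || 0 === $guests ) {
        wp_send_json_error( array( 'message' => 'invalid input' ), 400 );
    }
    example_store_reservation( $date, $guests );
    wp_send_json_success( array( 'stored' => true ) );
}
// Only the hardened handler is registered; the "before" function is kept for comparison.
add_action( 'wp_ajax_example_add_reservation', 'example_add_reservation_after' );

// The legitimate admin page receives the nonce through wp_localize_script and sends it
// as _ajax_nonce. An attacker's page runs on another origin and cannot read that value.
add_action( 'admin_enqueue_scripts', function () {
    wp_enqueue_script(
        'example-reservations',
        plugins_url( 'example-reservations.js', __FILE__ ), // hypothetical script file
        array( 'jquery' ),
        '1.0',
        true
    );
    wp_localize_script( 'example-reservations', 'exampleReservations', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'example_add_reservation' ),
    ) );
} );
```

The nonce is bound to the action string, the current user and a time window, so replaying a captured request without _ajax_nonce, with a nonce issued for a different user, or with one older than the nonce lifetime all fail the check_ajax_referer() call and never reach the capability check. That is also the test to run after upgrading: the same request that succeeds with a fresh nonce must return 403 once the nonce is removed.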
Update to version 2.7.9 or a later patched version.
CVE-2025-68601 is a Cross-Site Request Forgery (CSRF) vulnerability affecting versions 0.0.0–2.7.8 of the Five Star Restaurant Reservations plugin, allowing attackers to perform actions as authenticated users.
You are affected if you are using Five Star Restaurant Reservations version 0.0.0 through 2.7.8. Check your plugin version and upgrade immediately if vulnerable.
Upgrade the Five Star Restaurant Reservations plugin to version 2.7.9 or later. Consider WAF rules as a temporary mitigation if upgrading is not immediately possible.
There are currently no confirmed reports of active exploitation, but the vulnerability is publicly known and could be targeted.
Refer to the plugin developer's website or WordPress plugin repository for the official advisory and update information.