WordPress Plugin Vulnerabilities

ND Restaurant Reservations < 1.5 - Unauthenticated Options Change

Description

The Restaurant Reservations WordPress plugin was affected by an Unauthenticated Options Change security vulnerability.

Affects Plugins

Plugin icon
nd-restaurant-reservations
Fixed in 1.5

References

CVE
CVE-2019-15819
URL
https://blog.nintechnet.com/privilege-escalation-vulnerability-in-wordpress-nd-restaurant-reservations-plugin/

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
Jerome Bruandet (nintechnet.com)
Verified
No
WPVDB ID
0804ab0d-b0fe-4922-b384-26bb9441859b

Timeline

Publicly Published
2019-08-09 (about 6 years ago)
Added
2019-08-09 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2026-02-13
Title
Truelysell Core < 1.8.8 - Unauthenticated Privilege Escalation via Registration
Published
2020-05-28
Title
bbPress < 2.6.5 - Unauthenticated Privilege Escalation when New User Registration enabled
Published
2026-01-20
Title
Directorist Social Login <= 2.1.1 - Unauthenticated Privilege Escalation
Published
2024-08-07
Title
Woffice < 5.4.12 - Unauthenticated Privilege Escalation
Published
2025-07-10
Title
Official Integration for Billingo <= 4.2.9 - Shop Manager+ Privilege Escalation