Easy%20restaurant%20menu%20manager

Easy restaurant menu manager

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-8491

Assigner-Wordfence

View Details

Assigner-Wordfence

CVSS Score-4.3||MEDIUM

EPSS-0.01% / 1.30%

7 Day CHG~0.00%

Published-13 Aug, 2025 | 03:42

Updated-13 Aug, 2025 | 17:33

Easy restaurant menu manager <= 2.0.2 - Cross-Site Request Forgery to Menu Upload

The Easy restaurant menu manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the nsc_eprm_save_menu() function. This makes it possible for unauthenticated attackers to upload a menu file via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Vendor-nikelschubert

Product-Easy restaurant menu manager

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2025-6673

Assigner-Wordfence

View Details

Assigner-Wordfence

CVSS Score-6.4||MEDIUM

EPSS-0.04% / 9.66%

7 Day CHG~0.00%

Published-04 Jul, 2025 | 07:22

Updated-08 Jul, 2025 | 16:18

Easy restaurant menu manager <= 2.0.1 - Authenticated (Contributot+) Stored Cross-Site Scripting via `nsc_eprm_menu_link` Shortcode

The Easy restaurant menu manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's nsc_eprm_menu_link shortcode in versions up to, and including 2.0.1, due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Vendor-nikelschubert

Product-Easy restaurant menu manager

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')