CVE-2025-6673

Name of the Vulnerable Software and Affected Versions: Easy Restaurant Menu Manager plugin for WordPress versions up to and including 2.0.1

Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the nsc eprm menu link shortcode. This allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts in pages. These scripts will execute whenever a user accesses an injected page.

Recommendations: For versions up to and including 2.0.1, consider disabling the nsc eprm menu link shortcode until a patch is available to prevent exploitation. Restrict access to the shortcode's attributes to minimize the risk of arbitrary script injection.