PT-2025-32963 · WordPress · Easy Restaurant Menu Manager
Published
2025-08-13
·
Updated
2025-08-13
·
CVE-2025-8491
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
Easy restaurant menu manager plugin for WordPress versions prior to 2.0.3
Description:
The plugin is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation in the
nsc eprm save menu() function. This allows unauthenticated attackers to upload a menu file via a forged request if they can trick a site administrator into performing an action, such as clicking a link.Recommendations:
Update the Easy restaurant menu manager plugin to version 2.0.3 or later.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Easy Restaurant Menu Manager