CVE-2025-11830

Name of the Vulnerable Software and Affected Versions WP Restaurant Listings versions up to and including 1.0.2

Description The WP Restaurant Listings plugin for WordPress is susceptible to Stored Cross-Site Scripting through the align parameter of the restaurant summary shortcode. Insufficient input sanitization and output escaping allow authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the affected page.

Recommendations Update WP Restaurant Listings to a version later than 1.0.2.