3 matches found
CVE-2025-8491
The Easy restaurant menu manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the nsceprmsavemenu function. This makes it possible for unauthenticated attackers to upload a men...
CVE-2025-6673 Easy restaurant menu manager <= 2.0.1 - Authenticated (Contributot+) Stored Cross-Site Scripting via `nsc_eprm_menu_link` Shortcode
The Easy restaurant menu manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's nsceprmmenulink shortcode in versions up to, and including 2.0.1, due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2025-27865 · WordPress · Easy Restaurant Menu Manager
Name of the Vulnerable Software and Affected Versions: Easy Restaurant Menu Manager plugin for WordPress versions up to and including 2.0.1 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the nsc eprm menu link shortcode. This...