cleantalk
Vulnerabilities and Security Researches

Easy restaurant menu manager, CVE-2025-6673

CVE, Research URL

CVE-2025-6673

Home page URL

Security reports for Easy restaurant menu manager

Application

Easy restaurant menu manager

Published on
Jul 04, 2025
Research Description
The Easy restaurant menu manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's nsc_eprm_menu_link shortcode in versions up to, and including 2.0.1, due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 2.0.2.
Status
vulnerable
Previous vulnerability researches
LuckyWP Table of Contents (CVE-2025-2299) , Apr 04, 2025
LuckyWP Table of Contents (CVE-2024-9641) , Dec 12, 2024
LuckyWP Table of Contents (CVE-2024-2218) , Jun 17, 2024
LuckyWP Table of Contents (CVE-2023-6487) , Jun 06, 2024
LuckyWP Table of Contents (CVE-2024-2119) , Jun 06, 2024
New vulnerability
Contact Us Page – Contact People (CVE-2025-28967) , Jul 07, 2025
WP fancybox (CVE-2025-26591) , Jul 07, 2025
Click & Pledge Connect Plugin (CVE-2025-28983) , Jul 07, 2025
Posts Slider Shortcode (CVE-2025-30943) , Jul 07, 2025
Leyka (CVE-2025-52805) , Jul 07, 2025