CVE-2025-6673
BaseFortify
Publication date: 2025-07-04
Last updated on: 2025-07-08
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Stored Cross-Site Scripting (XSS) issue in the Easy restaurant menu manager WordPress plugin (up to version 2.0.1). It occurs because the plugin does not properly sanitize and escape user-supplied attributes in the nsc_eprm_menu_link shortcode. Authenticated users with contributor-level access or higher can inject malicious scripts into pages. These scripts then execute whenever any user views the affected page, potentially compromising user data or site integrity. [1]
How can this vulnerability impact me? :
This vulnerability can allow an attacker with contributor-level access or higher to inject malicious JavaScript into pages viewed by other users. This can lead to theft of user credentials, session hijacking, defacement, or other malicious actions executed in the context of the victim's browser. It can compromise site security and user trust, potentially leading to data breaches or unauthorized actions performed on behalf of users. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
To detect this vulnerability on your system, you can check if the Easy restaurant menu manager plugin (or Easy PDF Restaurant Menu Upload plugin) is installed and running a version up to 2.0.1. Additionally, you can scan for pages or posts containing the shortcode 'nsc_eprm_menu_link' with suspicious or unexpected script tags or attributes that could indicate stored XSS payloads. On the server, you can search plugin files for the vulnerable shortcode usage or unsanitized output. For example, use the following commands on the WordPress installation directory: 1. Check plugin version: grep -r 'Version: 2.0.1' wp-content/plugins/easy-pdf-restaurant-menu-upload/ 2. Search for shortcode usage in posts/pages database (using WP-CLI): wp db query "SELECT ID, post_title FROM wp_posts WHERE post_content LIKE '%[nsc_eprm_menu_link%';" 3. Search for suspicious script tags in posts: wp db query "SELECT ID, post_title FROM wp_posts WHERE post_content LIKE '%<script>%';" 4. On the filesystem, check for unescaped output in plugin files: grep -r 'esc_attr' wp-content/plugins/easy-pdf-restaurant-menu-upload/ These steps help identify if the vulnerable plugin version is present and if any stored XSS payloads exist in content using the shortcode. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the Easy restaurant menu manager plugin to version 2.0.2 or later, which includes fixes for the stored XSS vulnerability by properly sanitizing and escaping user inputs and outputs. If updating is not immediately possible, restrict contributor-level and above users from adding or editing content with the vulnerable shortcode 'nsc_eprm_menu_link'. Additionally, review and sanitize existing content that uses this shortcode to remove any malicious scripts. Implementing strict user role permissions and input validation can reduce risk until the patch is applied. [1]