Description
The Snillrik Restaurant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'menu_style' shortcode attribute in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2026-01-07
Score: 6.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Stored Cross‑Site Scripting via contributor-level access
Action: Apply Patch
AI Analysis

Impact

The Snillrik Restaurant plugin for WordPress is vulnerable to stored cross-site scripting because the value of the 'menu_style' shortcode attribute is neither sufficiently sanitized on input nor escaped on output. An authenticated user with Contributor or higher privileges can place a shortcode with a crafted 'menu_style' value in a post; the value is stored with the post and rendered into the page unescaped, so the injected JavaScript runs in the browser of every visitor who views that page, including logged-in editors and administrators. A shortcode is plain text rather than an HTML tag, so the wp_kses filtering that normally limits what a Contributor can publish does not catch the payload; it only becomes markup when the plugin renders it. In a victim's browser the script runs with that user's session and can perform actions as them, inject phishing content to capture credentials, or deface the page, compromising the confidentiality and integrity of the site.
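The bug class described above, as an added example that is not the Snillrik Restaurant plugin's code: a shortcode handler that concatenates the 'menu_style' attribute into HTML unescaped, beside the allow-list-plus-escape version a fix would use. The shortcode tag, default style, allow-list and the attribute sink (a class attribute) are assumptions; this page does not say where the real plugin echoes the value. The script runs under plain PHP, stubbing shortcode_atts() and esc_attr() only when WordPress is not loaded.

```php
<?php
/**
 * Added example (not the Snillrik Restaurant plugin's code): a shortcode
 * handler that drops a 'menu_style' attribute into HTML unescaped, next to the
 * allow-list-plus-escape version. Shortcode tag, default style, allow-list and
 * the attribute sink are all assumptions. Runs under plain PHP: the two
 * WordPress helpers are stubbed only when WordPress is not loaded.
 */

if (!function_exists('shortcode_atts')) {
    // Stand-in for WordPress shortcode_atts(): keep known keys, default the rest.
    function shortcode_atts(array $defaults, $atts) {
        $atts = (array) $atts;
        $out  = [];
        foreach ($defaults as $name => $default) {
            $out[$name] = array_key_exists($name, $atts) ? $atts[$name] : $default;
        }
        return $out;
    }
}
if (!function_exists('esc_attr')) {
    // Approximation of WordPress esc_attr(): encode & < > " ' for attribute context.
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
    }
}

const MENU_STYLES = ['default', 'compact', 'grid']; // assumed allow-list of style names

// VULNERABLE pattern: the attacker-controlled attribute value is concatenated
// straight into the tag. Contributor content passes through wp_kses on save,
// but a shortcode is plain text rather than an HTML tag, so kses never sees
// the payload; it only turns into markup here, at render time.
function render_menu_vulnerable($atts) {
    $atts = shortcode_atts(['menu_style' => 'default'], $atts);
    return '<div class="restaurant-menu ' . $atts['menu_style'] . '">...</div>';
}

// HARDENED pattern: allow-list the value first, then escape on output anyway
// (the escape is cheap insurance if the allow-list is loosened later).
function render_menu_hardened($atts) {
    $atts  = shortcode_atts(['menu_style' => 'default'], $atts);
    $style = in_array($atts['menu_style'], MENU_STYLES, true) ? $atts['menu_style'] : 'default';
    return '<div class="restaurant-menu ' . esc_attr($style) . '">...</div>';
}

// Reviewer check: the rendered tag must keep exactly one attribute boundary pair
// and must not contain an event-handler name that only the input supplied.
function output_is_safe(string $html): bool {
    return stripos($html, 'onmouseover=') === false && substr_count($html, '"') === 2;
}

// Constructed payload: closes the class attribute and appends an event handler.
// A Contributor would write it as [restaurant_menu menu_style='default" onmouseover="..."].
$payload = ['menu_style' => 'default" onmouseover="alert(document.domain)'];

echo "vulnerable:   " . render_menu_vulnerable($payload) . "\n";
echo "hardened:     " . render_menu_hardened($payload) . "\n";
echo "escaped only: " . esc_attr($payload['menu_style']) . "\n"; // what esc_attr alone would do
printf("vulnerable safe? %s\nhardened safe?   %s\n",
    output_is_safe(render_menu_vulnerable($payload)) ? 'yes' : 'no',
    output_is_safe(render_menu_hardened($payload)) ? 'yes' : 'no');
```

Run it with `php example.php`. The vulnerable line shows the class attribute closed early and an onmouseover handler living in the tag; the hardened line falls back to the default style because the payload is not in the allow-list, and the "escaped only" line shows that even without the allow-list the double quote would have been encoded and could not have terminated the attribute. Both layers belong in a fix: the allow-list bounds what the attribute can ever mean, the escape guards the sink.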

Affected Systems

The vulnerability affects the Snillrik Restaurant plugin for WordPress, maintained by mattiaspkallio, in all releases up to and including version 2.3.0; the affected range was widened from 2.2.1 to 2.3.0 on 2026-04-08, so the 2.3.0 release did not address the issue. Any WordPress site running one of these versions is exposed wherever an account at Contributor level or above can create or edit post content, since placing a shortcode in a post is all the attacker needs; sites with open registration or many external authors have the widest exposure.

Risk and Exploitability

The CVSS v3.1 base score is 6.4 (Medium) with vector AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N: reachable over the network, low attack complexity, low privileges required, and a changed scope because the payload executes in other users' browsers rather than in the plugin itself. The EPSS estimate of under 1% indicates a low predicted probability of exploitation in the wild, and the CVE is not listed in the CISA KEV catalog. Exploitation requires at least a Contributor account, so unauthenticated attackers cannot trigger it, but on sites with open registration or many contributors that bar is low. Once stored, the payload fires for every visitor to the affected page, enabling phishing, actions performed with the victim's privileges, and defacement. The risk is reduced by applying a fixed version once the vendor publishes one, disabling the plugin in the meantime, and limiting who holds Contributor or higher roles.

Generated by OpenCVE AI on April 21, 2026 at 16:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Snillrik Restaurant plugin as soon as the vendor publishes a release newer than 2.3.0 that corrects the handling of the 'menu_style' attribute; as of this page no fixed version is listed, and 2.3.0 itself remains affected.
  • While no fixed version is available, deactivate or uninstall the plugin rather than relying on mitigations.
  • Restrict the Contributor role and every higher role to the minimum necessary users and review open-registration settings; least privilege for content authors directly limits who can reach this bug.
  • As an interim measure, audit existing post content for shortcodes whose 'menu_style' value contains anything other than a plain style name (quotes, angle brackets, 'on...=' handlers) and remove them. A WAF or security-plugin rule on the stored attribute can help, but the durable fix is for the plugin to allow-list the value and escape it on output, which only an updated plugin provides.
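The content audit suggested above, as an added example that is not part of OpenCVE or the plugin: it extracts every 'menu_style' shortcode attribute from post content and flags values that are not plain style tokens. The shortcode tag name in the sample rows (restaurant_menu) and the notion that legitimate style names are short alphanumeric tokens are assumptions; the regex does not depend on the tag name. The sample rows are constructed; feed it real rows from wp_posts to use it.

```php
<?php
/**
 * Audit helper: find posts whose content carries a 'menu_style' shortcode
 * attribute with a value outside a conservative allow-list pattern. Added
 * example, not part of the plugin or OpenCVE; the sample rows are constructed.
 * Real rows can be pulled with WP-CLI, e.g.
 *   wp db query "SELECT ID, post_author, post_content FROM wp_posts WHERE post_content LIKE '%menu_style=%'"
 */

// Matches menu_style="..." / menu_style='...' / menu_style=bare inside any [shortcode ...].
const MENU_STYLE_ATTR = '/\[[^\]]*?\bmenu_style\s*=\s*(?:"([^"]*)"|\'([^\']*)\'|([^\s\]]+))/i';

// Assumed: a legitimate style name is a short token of letters, digits, '-' or '_'.
const SAFE_VALUE = '/^[a-z0-9_-]{1,40}$/i';

// Returns every menu_style value found in one post's content.
function extract_menu_style_values(string $content): array {
    preg_match_all(MENU_STYLE_ATTR, $content, $matches, PREG_SET_ORDER);
    $values = [];
    foreach ($matches as $m) {
        // Exactly one of the three capture groups matches; concatenation yields it.
        $values[] = ($m[1] ?? '') . ($m[2] ?? '') . ($m[3] ?? '');
    }
    return $values;
}

// Returns one finding per suspicious value: post ID, author, and the raw value.
function audit_posts(array $rows): array {
    $findings = [];
    foreach ($rows as $row) {
        foreach (extract_menu_style_values($row['post_content']) as $value) {
            if (!preg_match(SAFE_VALUE, $value)) {
                $findings[] = [
                    'ID'          => $row['ID'],
                    'post_author' => $row['post_author'],
                    'menu_style'  => $value,
                ];
            }
        }
    }
    return $findings;
}

// Constructed sample rows (not real site data).
$rows = [
    ['ID' => 11, 'post_author' => 2, 'post_content' => "Today's specials: [restaurant_menu menu_style=\"compact\"]"],
    ['ID' => 12, 'post_author' => 5, 'post_content' => "[restaurant_menu menu_style='default\" onmouseover=\"alert(document.domain)']"],
    ['ID' => 13, 'post_author' => 5, 'post_content' => "[restaurant_menu menu_style=grid id=7]"],
];

foreach (audit_posts($rows) as $f) {
    printf("post %d by user %d: suspicious menu_style=%s\n",
        $f['ID'], $f['post_author'], json_encode($f['menu_style']));
}
```

Only the row whose value breaks out of the attribute with a quote and an event handler is reported; the quoted and bare plain tokens pass. Treat a hit as an incident indicator rather than just cleanup work: the post_author column tells you which account placed it, and that account's other posts and login history are the next thing to look at.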

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 17:45:00 +0000

Description
  Removed: The Snillrik Restaurant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'menu_style' shortcode attribute in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
  Added: The Snillrik Restaurant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'menu_style' shortcode attribute in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Title
  Removed: Snillrik Restaurant <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'menu_style' Shortcode Attribute
  Added: Snillrik Restaurant <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'menu_style' Shortcode Attribute
References
  (values not displayed on this page)

Thu, 08 Jan 2026 10:00:00 +0000

First Time appeared
  Added: Wordpress; Wordpress wordpress
Vendors & Products
  Added: Wordpress; Wordpress wordpress

Wed, 07 Jan 2026 15:15:00 +0000

Metrics
  Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 07 Jan 2026 09:30:00 +0000

Description
  Added: The Snillrik Restaurant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'menu_style' shortcode attribute in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Title
  Added: Snillrik Restaurant <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'menu_style' Shortcode Attribute
Weaknesses
  Added: CWE-79
References
  (values not displayed on this page)
Metrics
  Added: cvssV3_1 {'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N'}

MITRE

Status: PUBLISHED

Assigner: Wordfence

Updated: 2026-04-08T16:56:25.793Z

Reserved: 2025-12-05T14:58:59.759Z

Link: CVE-2025-14112

Vulnrichment

Updated: 2026-01-07T14:41:33.523Z

NVD

Status: Deferred

Published: 2026-01-07T12:16:52.400

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-14112

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-21T16:45:15Z

Weaknesses