Description
Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikRestaurants vikrestaurants allows Cross Site Request Forgery. This issue affects VikRestaurants: from n/a through <= 1.3.3.
Published: 2025-04-22
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The VikRestaurants WordPress plugin contains a Cross‑Site Request Forgery flaw that allows an attacker to submit a crafted request that stores malicious JavaScript. When the stored data is later displayed to a browser, the injected script runs with the privileges of the visiting user, potentially enabling session hijacking, defacement, or other malicious actions.

Affected Systems

All WordPress sites running e4jvikwp VikRestaurants plugin version 1.3.3 or earlier are exposed to this flaw.

Risk and Exploitability

The vulnerability carries a CVSS score of 7.1, indicating a high severity level. The EPSS score is below 1%, suggesting that the likelihood of exploitation is currently low, and the CVE is not listed in the CISA KEV catalog. Because the flaw is a CSRF vector, the attacker must trick a privileged user, typically an administrator, into triggering a request that stores the malicious input. The attack can be executed by embedding a link or form on a third‑party site that the target visits while signed in. No public patch version is currently available, so the risk remains until the plugin is updated.

Generated by OpenCVE AI on May 1, 2026 at 09:15 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the VikRestaurants plugin to the latest available version when an update is released.
  • If an upgrade is not immediately possible, disable the plugin or restrict administrative access to the site until the plugin is updated.
  • Ensure that WordPress core, themes, and other plugins are kept up to date to reduce overall attack surface.



Advisories
Source | ID | Title
EUVD | EUVD-2025-12304 | Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikRestaurants Table Reservations and Take-Away allows Cross Site Request Forgery. This issue affects VikRestaurants Table Reservations and Take-Away: from n/a through 1.3.3.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type | Values Removed | Values Added
Metrics | cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'} | cvssV3_1 {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type | Values Removed | Values Added
Description | Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikRestaurants Table Reservations and Take-Away allows Cross Site Request Forgery. This issue affects VikRestaurants Table Reservations and Take-Away: from n/a through 1.3.3. | Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikRestaurants vikrestaurants allows Cross Site Request Forgery. This issue affects VikRestaurants: from n/a through <= 1.3.3.
References | |
Metrics | cvssV3_1 {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'} | cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


Wed, 30 Apr 2025 15:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | E4jconnect; E4jconnect vikrestaurants Table Reservations And Take-away
CPEs | | cpe:2.3:a:e4jconnect:vikrestaurants_table_reservations_and_take-away:*:*:*:*:*:wordpress:*:*
Vendors & Products | | E4jconnect; E4jconnect vikrestaurants Table Reservations And Take-away

Tue, 22 Apr 2025 14:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 22 Apr 2025 10:00:00 +0000

Type | Values Removed | Values Added
Description | | Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikRestaurants Table Reservations and Take-Away allows Cross Site Request Forgery. This issue affects VikRestaurants Table Reservations and Take-Away: from n/a through 1.3.3.
Title | | WordPress VikRestaurants Table Reservations and Take-Away plugin <= 1.3.3 - CSRF to Stored XSS vulnerability
Weaknesses | | CWE-352
References | |
Metrics | | cvssV3_1 {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:37.027Z

Reserved: 2025-04-22T09:21:43.075Z

Link: CVE-2025-46251

Vulnrichment

Updated: 2025-04-22T13:40:15.584Z

NVD

Status: Modified

Published: 2025-04-22T10:15:19.790

Modified: 2026-04-23T15:29:57.390

Link: CVE-2025-46251

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T09:30:14Z

Weaknesses