{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-11830", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-10-15T18:56:14.562Z", "datePublished": "2025-10-22T08:27:08.157Z", "dateUpdated": "2026-04-08T16:54:18.360Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:54:18.360Z"}, "affected": [{"vendor": "wpdrift", "product": "WP Restaurant Listings", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.0.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WP Restaurant Listings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' parameter of the restaurant_summary shortcode in all versions up to, and including, 1.0.2. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "WP Restaurant Listings <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/572b584e-b580-4d90-88b6-ee5b25678d9b?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-restaurant-listings/tags/1.0.2/includes/class-wp-restaurant-listings-shortcodes.php#L511"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Peter Thaleikis"}], "timeline": [{"time": "2025-10-21T20:18:34.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-22T13:21:47.179848Z", "id": "CVE-2025-11830", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-22T13:21:55.380Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-11830", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-22T13:21:47.179848Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-22T13:21:51.591Z"}}], "cna": {"title": "WP Restaurant Listings <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "credits": [{"lang": "en", "type": "finder", "value": "Peter Thaleikis"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "wpdrift", "product": "WP Restaurant Listings", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.0.2"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-10-21T20:18:34.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/572b584e-b580-4d90-88b6-ee5b25678d9b?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-restaurant-listings/tags/1.0.2/includes/class-wp-restaurant-listings-shortcodes.php#L511"}], "descriptions": [{"lang": "en", "value": "The WP Restaurant Listings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' parameter of the restaurant_summary shortcode in all versions up to, and including, 1.0.2. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:54:18.360Z"}}}, "cveMetadata": {"cveId": "CVE-2025-11830", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:54:18.360Z", "dateReserved": "2025-10-15T18:56:14.562Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-10-22T08:27:08.157Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The WP Restaurant Listings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' parameter of the restaurant_summary shortcode in all versions up to, and including, 1.0.2. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "id": "CVE-2025-11830", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-10-22T09:15:34.563", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wp-restaurant-listings/tags/1.0.2/includes/class-wp-restaurant-listings-shortcodes.php#L511"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/572b584e-b580-4d90-88b6-ee5b25678d9b?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T14:04:57.494029+00:00", "value": {"mitigation_remediation": ["Upgrade WP Restaurant Listings to a version newer than 1.0.2 where the align parameter is properly sanitized and escaped", "If upgrading is not immediately possible, restrict contributor access or remove the ability to add or modify content for users who may fall into the contributor role", "Implement content security policy headers to limit scripts that can run within the affected pages"], "summary": {"action": "Update Plugin", "impact": "Stored Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "This flaw affects the WP Restaurant Listings plugin from any version up to and including 1.0.2, as distributed by wpdrift for WordPress sites.", "description_and_impact": "The vulnerability exists in the WP Restaurant Listings plugin when the align parameter of the restaurant_summary shortcode is used. Because the input is not properly sanitized or escaped, a malicious payload can be stored in the database and executed in any user\u2019s browser when the page is viewed, constituting a CWE\u201179 Stored Cross\u2011Site Scripting flaw. The attacker can execute arbitrary JavaScript, compromising confidentiality by stealing credentials or session cookies, integrity by injecting malicious content, and possibly availability by delivering further attacks.", "risk_and_exploitability": "The CVSS score of 6.4 indicates moderate severity, and the EPSS score of less than 1% suggests a low probability of widespread exploitation at this time. The flaw is not listed in the CISA KEV catalogue. The likely attack vector is an authenticated user with contributor level or higher privileges, who can submit or edit content that triggers the vulnerable shortcode. The stored payload will then run automatically for any user who views the affected page, making mitigation a priority for sites that rely on the plugin."}}}}, "created": "2025-10-23T10:07:50.592086+00:00", "updated": "2026-04-22T14:15:20.397766+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}