Easy Restaurant Menu Manager WordPress Plugin Cross-Site Request Forgery Vulnerability

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Easy Restaurant Menu Manager plugin for WordPress, affecting all versions through 2.0.2. The issue arises from inadequate nonce validation in the 'nsc_eprm_save_menu()' function, allowing unauthenticated attackers to upload menu files by tricking site administrators into clicking a link.
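The pattern behind this class of bug, and its fix, can be shown in a few lines of WordPress plugin code. The snippet below is an added illustration and is not the Easy Restaurant Menu Manager plugin's own code: the `example_` function names, the `eprm_save_menu` action, the `eprm_menu_file` field and the `eprm_menu_file_url` option are assumed for the example. It places a handler that trusts any incoming request next to one that ties the request to a form the administrator actually submitted (nonce) and to a user who is allowed to perform the action (capability).

```php
<?php
/**
 * Illustrative before/after for a WordPress admin handler that accepts a
 * menu file upload. Hypothetical code, not the plugin's actual implementation.
 */

// --- Vulnerable pattern: no nonce check and no capability check. ---
// A request that an administrator's browser sends because of a link or page
// on another site is processed exactly like one the administrator intended,
// since nothing proves the request originated from the plugin's own form.
function example_save_menu_vulnerable() {
    if ( empty( $_FILES['eprm_menu_file'] ) ) {
        return;
    }
    $uploaded = wp_handle_upload(
        $_FILES['eprm_menu_file'],
        array( 'test_form' => false )
    );
    if ( empty( $uploaded['error'] ) ) {
        update_option( 'eprm_menu_file_url', esc_url_raw( $uploaded['url'] ) );
    }
}

// --- Hardened pattern: capability check, nonce check, restricted file types. ---
function example_save_menu_hardened() {
    // 1. Only users permitted to manage the site may save a menu.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // 2. The request must carry the token that wp_nonce_field() emitted in the
    //    plugin's form. check_admin_referer() calls wp_die() when it is missing
    //    or invalid, so a forged cross-site request stops here.
    check_admin_referer( 'eprm_save_menu', 'eprm_save_menu_nonce' );

    if ( empty( $_FILES['eprm_menu_file'] ) ) {
        return;
    }

    // 3. Accept only the file types a menu needs instead of the site defaults,
    //    which limits what an upload can contain even if a check is bypassed.
    $uploaded = wp_handle_upload(
        $_FILES['eprm_menu_file'],
        array(
            'test_form' => false,
            'mimes'     => array(
                'pdf' => 'application/pdf',
                'png' => 'image/png',
                'jpg' => 'image/jpeg',
            ),
        )
    );
    if ( isset( $uploaded['error'] ) ) {
        wp_die( esc_html( $uploaded['error'] ) );
    }
    update_option( 'eprm_menu_file_url', esc_url_raw( $uploaded['url'] ) );
}

// The form that posts to the hardened handler must emit the matching nonce.
function example_render_menu_form() {
    ?>
    <form method="post" enctype="multipart/form-data"
          action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="eprm_save_menu">
        <?php wp_nonce_field( 'eprm_save_menu', 'eprm_save_menu_nonce' ); ?>
        <input type="file" name="eprm_menu_file">
        <?php submit_button( 'Save menu' ); ?>
    </form>
    <?php
}

// Route the admin-post action to the hardened handler.
add_action( 'admin_post_eprm_save_menu', 'example_save_menu_hardened' );
```

The nonce alone is not sufficient: WordPress nonces are bound to the user and action but not to a capability, so the `current_user_can()` check is what prevents a low-privilege account from performing the action with its own valid nonce. Both checks belong at the top of the handler, before any file is touched.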

Impact

Exploitation of this vulnerability could lead to unauthorized file uploads, which may enable further attacks such as code execution, or the staging of malicious files on the site for later execution.

Reproduction

To reproduce this vulnerability, an attacker crafts a link that, when clicked by a logged-in administrator, sends a request to the 'nsc_eprm_save_menu()' function without a valid nonce. Because the function does not validate the nonce, the request is processed and a menu file is uploaded without the administrator's knowledge.

Remediation

Users are advised to update the Easy Restaurant Menu Manager plugin to version 2.0.3 or later.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

  metric           score
  spread           0.0
  impact           0.0
  exploitability   7.4
  remediation      7.7
  relevance        0.3
  threat           4.8
  urgency          2.9
  incentive        1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.