Home » Vulnerabilities » Input validation vulnerability in WPPizza – A Restaurant Plugin 3.19.4

Latest

Input validation vulnerability in WPPizza – A Restaurant Plugin 3.19.4

CVE-2025-26991

Severity: medium-risk
Status: Fixed
Publication: February 23, 2025

The WPPizza plugin for WordPress has a security issue called Reflected Cross-Site Scripting. This means that the plugin does not properly filter or protect user input and output, making it vulnerable to attacks. People who are not logged in to the site can potentially insert harmful code into the pages, causing them to run without the user’s knowledge. This can happen if the attacker is able to trick the user into clicking on a link.

Detected in:

WPPizza – A Restaurant Plugin fixed vulnerable versions: >= * <= 3.19.4

Open source

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

Incorrect?

Is this information incorrect? Please leave us a message.

Latest

Configuring Really Simple Security with WP-CLI

How to Fix The “Link you followed has Expired” error on WordPress

404 not found errors

Protecting site visitors with Security Headers

Hardening your website’s security

Input validation vulnerability in WPPizza – A Restaurant Plugin 3.19.4

Detected in:

Join our mailing list - 6 Tips & Tricks in your inbox over the next days!

Plugins

Get Started

About

Popular articles

Latest

Passkeys: no need for Limit Login Attempts?

Configuring Really Simple Security with WP-CLI

How to Fix The “Link you followed has Expired” error on WordPress

404 not found errors

Protecting site visitors with Security Headers

Hardening your website’s security

Input validation vulnerability in WPPizza – A Restaurant Plugin 3.19.4

Detected in: