CVE-2025-7013

MEDIUM 5.7

IDOR in QRMenumPro's Menu Panel

CVSS Score

5.7

EPSS Score

0.0%

EPSS Percentile

2th

Authorization Bypass Through User-Controlled Key vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Exploitation of Trusted Identifiers.This issue affects Menu Panel: through 29012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CWE	CWE-639
Vendor	qr menu pro smart menu systems
Product	menu panel
Published	Jan 29, 2026
Last Updated	Mar 25, 2026

Stay Ahead of the Next One

Get instant alerts for qr menu pro smart menu systems menu panel

Be the first to know when new medium vulnerabilities affecting qr menu pro smart menu systems menu panel are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected Versions

QR Menu Pro Smart Menu Systems / Menu Panel

0 ≤ 29012026

References

NVD ↗ CVE.org ↗ EPSS Data ↗

usom.gov.tr: https://www.usom.gov.tr/bildirim/tr-26-0007

Credits

Şahnur Eren ALOĞLU