CVE-2025-7014

MEDIUM

QR Menu Pro Smart Menu Systems Menu Panel <29012026 - Session Fixation

Title source: llm

Description

Session Fixation vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Session Hijacking.This issue affects Menu Panel: through 29012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

References (1)

[Third Party Advisory, US Government Resource] https://www.usom.gov.tr/bildirim/tr-26-0007

Scores

CVSS v3 5.7

EPSS 0.0002

EPSS Percentile 3.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-384

Status published

Products (2)

QR Menu Pro Smart Menu Systems/Menu Panel < 29012026

qrmenumpro/menu_panel 29012026

Published Jan 29, 2026

Tracked Since Feb 18, 2026