CVE-2025-12300 MEDIUM

CVE-2025-12300: code-projects Simple Food Ordering System addcategory.php cross site scripting

Vendor Code-Projects

Product Simple Food Ordering System

Weakness CWE-79 · XSS

Published October 27, 2025

Last update October 27, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A weakness has been identified in code-projects Simple Food Ordering System 1.0. This issue affects some unknown processing of the file /addcategory.php. This manipulation of the argument cname causes cross site scripting. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.

Key dates

02Disclosure timeline

October 27, 2025 CVE published

October 27, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-12300

Related vulnerabilities

04Related CVE

CVE-2025-31595 WordPress Timeline Event History plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability CVE-2026-28558 wpForo Forum 2.4.14 Stored XSS via SVG Avatar File Upload CVE-2024-54224 WordPress ElementsReady Addons for Elementor plugin <= 6.4.7 - Cross Site Scripting (XSS) vulnerability CVE-2024-30198 WordPress Buddyforms plugin <= 2.8.5 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-54421 NamelessMC allows Stored Cross Site Scripting (XSS) in SEO component