The vulnerability CVE-2024-51849 in the My Restaurant Menu plugin involves improper neutralization of input during web page generation, resulting in stored cross-site scripting (XSS). This allows an attacker with low privileges to inject malicious scripts that are stored and later executed in the browsers of users who view the affected content. The affected versions are up to 0.2.0. The CVSS 3.1 vector indicates network attack vector, low attack complexity, low privileges required, user interaction required, and impacts on confidentiality, integrity, and availability classified as low. No patch or official remediation guidance is currently provided.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of users viewing the affected pages, potentially leading to information disclosure, session hijacking, or other client-side impacts. The overall impact is rated medium due to the limited scope and required user interaction. There are no reports of active exploitation in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider restricting privileges to trusted users and applying web application firewall (WAF) rules to detect and block XSS payloads related to this plugin. Monitor vendor channels for updates and patches.