CVE-2025-46251 is a CSRF vulnerability in the VikRestaurants plugin (versions <= 1.3.3) by e4jvikwp. It allows attackers to induce authenticated users to perform unintended actions without their consent. The CVSS score of 7.1 reflects network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and low impact on confidentiality, integrity, and availability. There is no vendor advisory or patch information provided, and no known exploits in the wild have been reported as of the publication date.

Successful exploitation of this CSRF vulnerability could allow attackers to perform unauthorized actions on behalf of authenticated users, potentially affecting confidentiality, integrity, and availability to a limited extent. The CVSS vector indicates that the attack can be performed remotely with low complexity and no privileges, but requires user interaction. The scope is changed, meaning the vulnerability affects resources beyond the initially vulnerable component.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider implementing CSRF protections such as anti-CSRF tokens or other application-level mitigations if possible. Monitor vendor communications for updates and apply patches promptly once released.