CVE Catalog

CVE-2025-63078

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

15th percentile — higher than 15% of all known CVEs

Summary

The Restaurant Menu by MotoPress plugin in versions 2.4.11 and earlier contains a vulnerability related to broken access control by subscribers. Users with the subscriber role can gain unauthorized access to restaurant menu management functions.

Risk Assessment

The risk is that subscribers can modify or delete menu items, which may lead to unauthorized changes to page content and potential data integrity breaches.

Recommendation

It is recommended to immediately update the Restaurant Menu by MotoPress plugin to the latest available version that fixes this vulnerability.

Original NVD description (English source)

Subscriber Broken Access Control in Restaurant Menu by MotoPress <= 2.4.11 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS