CVE Catalog

CVE-2026-57644

HighCVSS 8.5
Published: Updated: Translated: NVD NIST

Summary

The Restaurant Menu by MotoPress plugin version 2.4.10 and earlier contains a SQL injection vulnerability exploitable by contributors. An attacker with contributor privileges can inject malicious SQL queries into the database.

Risk Assessment

The risk includes unauthorized access to data, its modification or deletion, which may lead to a breach of confidentiality and integrity of the WordPress database.

Recommendation

It is recommended to immediately update the Restaurant Menu by MotoPress plugin to the latest available version that fixes this vulnerability.

Original NVD description (English source)

Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS