VYPR

Restaurant Menu by MotoPress

by WordPress

CVEs (3)

  • CVE-2025-30846HigMar 27, 2025
    risk 0.57cvss 8.8epss 0.01

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jetmonsters Restaurant Menu by MotoPress mp-restaurant-menu allows PHP Local File Inclusion.This issue affects Restaurant Menu by MotoPress: from n/a through…

  • CVE-2025-54038MedJul 16, 2025
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in jetmonsters Restaurant Menu by MotoPress mp-restaurant-menu allows Cross Site Request Forgery.This issue affects Restaurant Menu by MotoPress: from n/a through <= 2.4.6.

  • CVE-2021-24722MedNov 1, 2021
    risk 0.31cvss 4.8epss 0.01

    The Restaurant Menu by MotoPress WordPress plugin before 2.4.2 does not properly sanitize or escape inputs when creating new menu items, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed