Description
Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions.
Published: 2026-06-26
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a SQL injection flaw in the Restaurant Menu by MotoPress plugin that lets an attacker submit crafted input through the plugin's contributor interface. Because that input is not sanitized, the attacker can execute arbitrary SQL queries without authorization. This could lead to data theft, modification, or deletion, potentially exposing sensitive information stored in the WordPress database. The weakness is classified as CWE-89 and has a CVSS score of 8.5, indicating high severity.

Affected Systems

JetMonsters’ Restaurant Menu by MotoPress plugin versions 2.4.10 and earlier are affected. Users running these versions should verify their plugin version and upgrade accordingly.

Risk and Exploitability

The CVSS score of 8.5 reflects high severity rather than a measured likelihood of exploitation. The vector (AV:N/AC:L/PR:L/UI:N) describes an attack that is reachable over the network, has low complexity, requires only low privileges and needs no user interaction. The EPSS score is very low (< 1%) and the CVE is absent from the CISA KEV catalog, but neither negates the need for remediation. Attackers can exploit this through standard web requests that target the plugin's contributor interface, provided the server process can execute SQL against the database.

Generated by OpenCVE AI on June 26, 2026 at 17:44 UTC.

Remediation

Vendor Solution

Update the WordPress Restaurant Menu by MotoPress Plugin to the latest available version (at least 2.4.11).


OpenCVE Recommended Actions

  • Update the Restaurant Menu by MotoPress plugin to version 2.4.11 or later.
  • If an immediate update is not possible, temporarily disable the plugin until the fix is applied.
  • Configure a web application firewall or similar controls to block SQL injection payloads against the contributor interface.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 17:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 26 Jun 2026 15:15:00 +0000

Type | Values Removed | Values Added
Description | | Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions.
Title | | WordPress Restaurant Menu by MotoPress plugin <= 2.4.10 - SQL Injection vulnerability
Weaknesses | | CWE-89
References | |
Metrics | | cvssV3_1: {'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-26T16:37:20.308Z

Reserved: 2026-06-25T08:03:17.056Z

Link: CVE-2026-57644

Vulnrichment

Updated: 2026-06-26T16:37:15.302Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-26T17:45:03Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')