CVE Catalog
CVE-2025-63078
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk0.24%
15th percentile — higher than 15% of all known CVEs
Summary
The Restaurant Menu by MotoPress plugin in versions 2.4.11 and earlier contains a vulnerability related to broken access control by subscribers. Users with the subscriber role can gain unauthorized access to restaurant menu management functions.
Risk Assessment
The risk is that subscribers can modify or delete menu items, which may lead to unauthorized changes to page content and potential data integrity breaches.
Recommendation
It is recommended to immediately update the Restaurant Menu by MotoPress plugin to the latest available version that fixes this vulnerability.
Original NVD description (English source)
Subscriber Broken Access Control in Restaurant Menu by MotoPress <= 2.4.11 versions.

