CVE-2026-57644
Status: Deferred - Pending Action
Contributor SQL Injection in Restaurant Menu Plugin

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Patchstack

Description
Contributor-level SQL injection in Restaurant Menu by MotoPress, versions <= 2.4.10.
Meta Information
Published: 2026-06-26
Last Modified: 2026-06-26
Generated: 2026-06-26
AI Q&A: 2026-06-26
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor: motopress
Product: restaurant_menu
Version / Range: to 2.4.10 (inc)
CWE ID: CWE-89
Description: The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Compliance Impact

The SQL Injection vulnerability in the Restaurant Menu by MotoPress plugin could allow malicious actors to interact with the database and potentially steal information.

Such unauthorized access to sensitive data may lead to non-compliance with data protection regulations and standards like GDPR and HIPAA, which require safeguarding personal and sensitive information.

Therefore, if exploited, this vulnerability could result in violations of these regulations due to data breaches or exposure.

Executive Summary

The vulnerability is a SQL injection issue in the WordPress plugin "Restaurant Menu by MotoPress", versions 2.4.10 and earlier.

This means that an attacker with contributor-level permissions can inject malicious SQL code into the plugin's database queries.

As a result, the attacker could manipulate the database in unintended ways, potentially accessing or stealing sensitive information.

Impact Analysis

This vulnerability can allow malicious actors to interact with your website's database, potentially leading to the theft of sensitive information.

The CVSS score of 8.5 indicates a high severity impact, meaning the consequences could be serious.

Although the vulnerability requires contributor-level permissions, if exploited, it could compromise the confidentiality of your data and cause limited availability issues.

Mitigation Strategies

The vulnerability affects the WordPress plugin "Restaurant Menu by MotoPress", versions 2.4.10 and earlier.

To mitigate this vulnerability, users are advised to update the plugin immediately to version 2.4.11 or later, which contains the patch.

Alternatively, users can seek assistance from their hosting provider or developer to apply the necessary fixes.

Patchstack users can also enable auto-updates for vulnerable plugins to ensure timely patching.
