CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49448 – WordPress FW Food Menu plugin <= 6.0.0 - Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2025-49448
24 Jun 2025 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fastw3b LLC FW Food Menu allows Path Traversal. This issue affects FW Food Menu : from n/a through 6.0.0. The FW Food Menu – Responsive food menu with ordering & delivery solutions plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and including, 6.0.0. This makes it possible for unauthenticated attackers to delete arbitrary files on the s... • https://patchstack.com/database/wordpress/plugin/fw-food-menu/vulnerability/wordpress-fw-food-menu-6-0-0-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49447 – WordPress FW Food Menu <= 6.0.0 - Arbitrary File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2025-49447
12 Jun 2025 — Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Food Menu allows Using Malicious Files. This issue affects FW Food Menu : from n/a through 6.0.0. The FW Food Menu – Responsive food menu with ordering & delivery solutions plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 6.0.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which ma... • https://patchstack.com/database/wordpress/plugin/fw-food-menu/vulnerability/wordpress-fw-food-menu-6-0-0-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •