CVE-2025-31040 – WordPress WP Food ordering and Restaurant Menu <= 1.1 - Local File Inclusion Vulnerability

https://notcve.org/view.php?id=CVE-2025-31040

09 Apr 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound WP Food ordering and Restaurant Menu allows PHP Local File Inclusion. This issue affects WP Food ordering and Restaurant Menu: from n/a through 1.1. The WP Food ordering and Restaurant Menu plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to include and execute arbitrary files on... • https://patchstack.com/database/wordpress/plugin/wp-food/vulnerability/wordpress-wp-food-ordering-and-restaurant-menu-1-1-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •