CVE-2021-24722

Name of the Vulnerable Software and Affected Versions The Restaurant Menu by MotoPress WordPress plugin versions prior to 2.4.2

Description The issue concerns a lack of proper sanitization or escaping of inputs when creating new menu items, potentially allowing high-privilege users to perform Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed.

Recommendations For versions prior to 2.4.2, update to version 2.4.2 or later to resolve the issue. As a temporary workaround, consider restricting the creation of new menu items to trusted users until the update is applied.