PT-2025-44935 · WordPress · Elegance Menu

Djaidja Moundjid · Published 2025-11-04 · Updated 2025-11-04 · CVE-2025-11704

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Elegance Menu versions prior to 2.0

Description: The Elegance Menu plugin for WordPress is susceptible to Local File Inclusion in versions up to and including 1.9. An authenticated attacker with Contributor-level access or higher can exploit this issue by manipulating the elegance-menu attribute within the elegance-menu shortcode. Successful exploitation allows the inclusion and execution of arbitrary .php files on the server, potentially enabling attackers to bypass access controls, obtain sensitive data, or execute code if .php file uploads are permitted.

Recommendations: Update Elegance Menu to version 2.0 or later.

Related Identifiers: CVE-2025-11704

Affected Products: Elegance Menu