CVE-2025-23910

Name of the Vulnerable Software and Affected Versions Menus Plus+ versions 1.9.6 and earlier

Description The issue is related to improper neutralization of special elements used in an SQL command, which allows SQL Injection. This means that an attacker could potentially inject malicious SQL code into the application's database, leading to unauthorized access or modification of data. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For Menus Plus+ versions 1.9.6 and earlier, update to version 1.9.7 to resolve the issue. As a temporary workaround, consider restricting access to sensitive database operations to minimize the risk of exploitation. Avoid using user-supplied input in SQL commands until the issue is resolved.