CVE-2026-1910

Name of the Vulnerable Software and Affected Versions UpMenu – Online ordering for restaurants plugin for WordPress versions prior to 3.2

Description The UpMenu plugin for WordPress is susceptible to Stored Cross-Site Scripting through the lang attribute within the 'upmenu-menu' shortcode. Insufficient input sanitization and output escaping of user-supplied attributes allows authenticated attackers with contributor-level access or higher to inject malicious web scripts into pages. These scripts will execute when a user accesses the compromised page.

Recommendations Update to version 3.2 or later.