CVE-2025-31040 | THREATINT

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound WP Food ordering and Restaurant Menu allows PHP Local File Inclusion. This issue affects WP Food ordering and Restaurant Menu: from n/a through 1.1.

Reserved 2025-03-26 | Published 2025-04-11 | Updated 2025-04-11 | Assigner Patchstack

HIGH: 8.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Product status

Default status

unaffected

Any version

affected

Credits

theviper17 (Patchstack Alliance) finder

References

patchstack.com/...cal-file-inclusion-vulnerability?_s_id=cve vdb-entry

cve.org (CVE-2025-31040)

nvd.nist.gov (CVE-2025-31040)

Download JSON