Path Traversal Vulnerability in FW Food Menu by Fastw3b LLC
CVE-2025-49448

8.6HIGH

Key Information:

Vendor: WordPress
Status: Fw Food Menu
Vendor: CVE Published:; 27 June 2025

What is CVE-2025-49448?

A path traversal vulnerability exists in FW Food Menu by Fastw3b LLC, allowing attackers to manipulate file paths and access restricted directories. This flaw can lead to unauthorized file access, potentially exposing sensitive data. The affected versions range from the initial release up to 6.0.0. It is essential for users of FW Food Menu to apply available patches and secure their installations to mitigate risks associated with this vulnerability.

Affected Version(s)

FW Food Menu <= 6.0.0

References

https://patchstack.com/database/wordpress/plugin/fw-food-...

vdb-entry

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 27, 2025
Vulnerability Reserved
Jun 4, 2025

Credit

LVT-tholv2k (Patchstack Alliance)

WordPress

What is CVE-2025-49448?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit