whatwouldjessedo Simple Retail Menus
Easy fix1 remedy
cpe:2.3:a:simple_retail_menus_plugin_project:simple-retail-menus:*:*:*:*:wordpress:*:*
Easy fix1 remedy
- <= 4.2.1
What Would Jess Do Simple Retail Menus Local File Inclusion Vulnerability
Vulnerability
A local file inclusion vulnerability has been identified in the What Would Jess Do Simple Retail Menus plugin for WordPress, affecting versions through 4.2.1. This vulnerability arises from improper control of filenames in include or require statements, allowing PHP remote file inclusion. Exploitation of this issue could enable a malicious actor to include local files from the target website and display their output, potentially leading to a database takeover if files containing database credentials are accessed.
Impact
Successful exploitation allows for local file inclusion, with the potential to access and display sensitive files, such as those containing database credentials. This could lead to a complete takeover of the database, depending on the configuration.
Remediation
Users are advised to update to a version of the What Would Jess Do Simple Retail Menus plugin for WordPress that is not affected by this vulnerability. Patchstack has issued a mitigation rule to block attacks until an official patch is available.
Added: Feb 20, 2026, 4:34 PM
Updated: Feb 20, 2026, 7:35 PM
Vulnerability Rating
Custom Algorithm
spread
1.6impact
2.5exploitability
6.4remediation
7.9relevance
3.1threat
0.0urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.