Unauthenticated Remote Code Execution (RCE) vulnerability discovered by Nick Blundell in WordPress Five Star Restaurant Menu plugin (versions <= 2.2.0).
Update the WordPress Five Star Restaurant Menu plugin to the latest available version (at least 2.2.1).