PT-2026-28275 · WordPress · Restaurant Cafeteria

Khaled Alenazi · Published 2026-03-28 · Updated 2026-03-28 · CVE-2025-15445

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Restaurant Cafeteria WordPress theme versions through 0.4.6

Description

The WordPress theme allows any logged-in user, including those with subscriber privileges, to perform actions intended for more privileged roles due to missing security checks. Specifically, insecure admin-ajax actions lack nonce and capability verification. This allows an attacker to install and activate plugins from URLs controlled by the attacker, potentially leading to arbitrary PHP code execution. The theme also allows importing demo content that can overwrite site configurations, including pages, menus, and front page settings.

Recommendations

Update Restaurant Cafeteria WordPress theme to a version newer than 0.4.6.
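
For theme and plugin authors reviewing their own admin-ajax handlers for the flaw class described above, the following is an added example of a handler with the nonce check, the capability check and input restriction in place. It is not the theme's code or its vendor's fix; the action name `rc_demo_install_plugin`, the nonce action `rc_demo_install` and the allowlisted slug are hypothetical.

```php
<?php
// Added example: hypothetical action, nonce and slug names; not the theme's code.
const RC_ALLOWED_PLUGIN_SLUGS = array( 'contact-form-7' ); // assumed allowlist

// Register only the authenticated hook; no wp_ajax_nopriv_ variant.
add_action( 'wp_ajax_rc_demo_install_plugin', 'rc_demo_install_plugin' );

function rc_demo_install_plugin() {
    // 1. CSRF: reject requests without a valid nonce (dies with 403 on failure).
    check_ajax_referer( 'rc_demo_install', 'nonce' );

    // 2. Authorization: being logged in is not enough; subscribers lack these caps.
    if ( ! current_user_can( 'install_plugins' ) || ! current_user_can( 'activate_plugins' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 3. Input: accept a slug from a fixed allowlist, never a download URL.
    $slug = isset( $_POST['slug'] ) ? sanitize_key( wp_unslash( $_POST['slug'] ) ) : '';
    if ( ! in_array( $slug, RC_ALLOWED_PLUGIN_SLUGS, true ) ) {
        wp_send_json_error( array( 'message' => 'Plugin not allowed' ), 400 );
    }

    require_once ABSPATH . 'wp-admin/includes/plugin-install.php';
    require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
    require_once ABSPATH . 'wp-admin/includes/plugin.php';

    // 4. Resolve the package through the WordPress.org API, not request data.
    $info = plugins_api( 'plugin_information', array( 'slug' => $slug ) );
    if ( is_wp_error( $info ) ) {
        wp_send_json_error( array( 'message' => $info->get_error_message() ), 502 );
    }

    $upgrader = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
    $result   = $upgrader->install( $info->download_link );
    if ( true !== $result ) {
        wp_send_json_error( array( 'message' => 'Install failed' ), 500 );
    }

    $activated = activate_plugin( $upgrader->plugin_info() );
    if ( is_wp_error( $activated ) ) {
        wp_send_json_error( array( 'message' => $activated->get_error_message() ), 500 );
    }
    wp_send_json_success( array( 'installed' => $slug ) );
}
```

A demo-content import handler needs the same two checks before it writes pages, menus or front page settings, with a capability appropriate to site configuration such as `manage_options`.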

Exploit

Fix

Missing Authorization


Weakness Enumeration

Related Identifiers

CVE-2025-15445

Affected Products

Restaurant Cafeteria