PT-2026-28275 · WordPress · Restaurant Cafeteria
Khaled Alenazi · Published 2026-03-28 · Updated 2026-03-28 · CVE-2025-15445
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Restaurant Cafeteria WordPress theme versions through 0.4.6
Description
The WordPress theme allows any logged-in user, including those with subscriber privileges, to perform actions intended for more privileged roles due to missing security checks. Specifically, insecure admin-ajax actions lack nonce and capability verification. This allows an attacker to install and activate plugins from URLs controlled by the attacker, potentially leading to arbitrary PHP code execution. The theme also allows importing demo content that can overwrite site configurations, including pages, menus, and front page settings.
Recommendations
Update Restaurant Cafeteria WordPress theme to a version newer than 0.4.6.
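For reference, an admin-ajax handler that carries the two checks the description says are missing (nonce and capability), and that never takes a download URL from the request. This is an added example, not the theme's code or its patch; the action name, nonce name, function name and plugin slug are hypothetical placeholders.

```php
<?php
// Added example. All rc_demo_* names and the slug are hypothetical placeholders.
// Allowlist of plugin slugs the theme may install; the request cannot supply a URL.
const RC_DEMO_ALLOWED_PLUGINS = array( 'example-plugin-slug' );

// Registered for logged-in users only; no wp_ajax_nopriv_ hook is added.
add_action( 'wp_ajax_rc_demo_install_plugin', 'rc_demo_install_plugin' );

function rc_demo_install_plugin() {
	// 1. Nonce: the request must carry the token printed on the theme's admin screen.
	if ( ! check_ajax_referer( 'rc_demo_nonce', 'nonce', false ) ) {
		wp_send_json_error( array( 'message' => 'Invalid nonce.' ), 403 );
	}

	// 2. Capability: being logged in is not enough; subscribers hold neither capability.
	if ( ! current_user_can( 'install_plugins' ) || ! current_user_can( 'activate_plugins' ) ) {
		wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
	}

	// 3. Input: accept only a slug, and only one that is on the allowlist.
	$slug = isset( $_POST['slug'] ) ? sanitize_key( wp_unslash( $_POST['slug'] ) ) : '';
	if ( ! in_array( $slug, RC_DEMO_ALLOWED_PLUGINS, true ) ) {
		wp_send_json_error( array( 'message' => 'Plugin not allowed.' ), 400 );
	}

	require_once ABSPATH . 'wp-admin/includes/plugin-install.php';
	require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';

	// 4. Source: the download link is resolved from the WordPress.org plugin API,
	//    not from any request parameter.
	$api = plugins_api( 'plugin_information', array( 'slug' => $slug ) );
	if ( is_wp_error( $api ) ) {
		wp_send_json_error( array( 'message' => $api->get_error_message() ), 502 );
	}

	$upgrader = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
	$result   = $upgrader->install( $api->download_link );
	if ( true !== $result ) {
		wp_send_json_error( array( 'message' => 'Install failed.' ), 500 );
	}

	wp_send_json_success( array( 'installed' => $slug ) );
}
```

The demo-import action needs the same nonce and capability checks before it changes pages, menus or front page settings.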
Exploit
Fix
Weakness Enumeration
Missing Authorization
Affected Products
Restaurant Cafeteria