216.73.216.86

CVE-2025-15445

· Published 28/03/2026 06:16 · Modified 29/03/2026 14:16

Labels: CVE-2025-15445 2026-03-28CVE-2025-15445CWE-862[email protected]

Essential information

Published
28/03/2026 06:16
Modified
29/03/2026 14:16
Author
Creator
CVSS
5.4 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CVSS metrics

Description

The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a from a user-supplied URL, leading to arbitrary PHP code execution, and also import demo content that rewrites site configuration, including Restaurant Cafeteria WordPress theme through 0.4.6_mods, pages, menus, and front page settings.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
restaurant cafeteria / restaurant cafeteria cpe:2.3:a:restaurant_cafeteria:restaurant_cafeteria:*:*:*:*:*:wordpress:*:*

References