CVE-2025-15445 - Vulnerability Details

- Restaurant Cafeteria <= 0.4.6 - Subscriber+ Arbitrary Plugin Installation/Activation

Description

The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a from a user-supplied URL, leading to arbitrary PHP code execution, and also import demo content that rewrites site configuration, including Restaurant Cafeteria WordPress theme through 0.4.6_mods, pages, menus, and front page settings.

Published: 2026-03-28

Score: 5.4 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The Restaurant Cafeteria WordPress theme through version 0.4.6 exposes admin‑ajax actions that lack nonce and capability checks. Consequently, any logged‑in user, including subscribers, can trigger privileged operations. An attacker can instruct the site to install and activate a plugin from a supplied URL, which results in execution of arbitrary PHP code. The flaw also permits importing demo content that rewrites site configuration, including theme settings, pages, menus, and front‑page settings, effectively compromising the entire website configuration.

Affected Systems

The vulnerability impacts installations of the Restaurant Cafeteria theme version 0.4.6 and earlier on WordPress sites. It applies to sites that allow subscriber accounts to authenticate and use the theme's features.

Risk and Exploitability

The CVSS score of 5.4 indicates moderate severity; the EPSS score is below 1% and the flaw is not listed in the CISA KEV catalog, suggesting a low likelihood of widespread public exploitation. Nevertheless, because the attack requires only a logged‑in WordPress user, and the description notes that a subscriber can trigger the vulnerable actions, an attacker can easily compromise a site with full code execution and site takeover capabilities.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Unknown

Restaurant Cafeteria

unknown

Version	Status	Constraints
`0`	affected	≤ 0.4.6

No data.

Vendor Product Confidence Versions

Restaurant Cafeteria

85%

Version	Status	Scheme	Platform
`[0,0.4.6]`	affected	semver	—

Wordpress

80%

Version	Status	Scheme	Platform
`—`	unaffected	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the Restaurant Cafeteria theme to the latest version that removes the vulnerable Ajax actions.
If an upgrade is not possible immediately, revoke or restrict the "install plugin" capability for subscriber accounts.
Disable or restrict the insecure admin‑ajax endpoints used by the theme.
Use a security plugin or web application firewall rule that blocks plugin installation from arbitrary URLs.
Monitor site logs for unexpected admin‑ajax requests or attempts to install unfamiliar plugins.

Generated by OpenCVE AI on March 29, 2026 at 15:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00016.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://wpscan.com/vulnerability/f3f4a734-5828-4e3f-a170-28189aeda929/

History

Mon, 30 Mar 2026 08:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Restaurant Cafeteria Restaurant Cafeteria restaurant Cafeteria Wordpress Wordpress wordpress
Vendors & Products		Restaurant Cafeteria Restaurant Cafeteria restaurant Cafeteria Wordpress Wordpress wordpress

Sun, 29 Mar 2026 14:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-862
Metrics		cvssV3_1 `{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sat, 28 Mar 2026 06:15:00 +0000

Type	Values Removed	Values Added
Description		The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a from a user-supplied URL, leading to arbitrary PHP code execution, and also import demo content that rewrites site configuration, including Restaurant Cafeteria WordPress theme through 0.4.6_mods, pages, menus, and front page settings.
Title		Restaurant Cafeteria <= 0.4.6 - Subscriber+ Arbitrary Plugin Installation/Activation
References		https://wpscan.com/vulnerability/f3f4a734-5828-4e3f-a170-28189aeda929/

Subscriptions

Restaurant Cafeteria Restaurant Cafeteria

Wordpress Wordpress

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2026-03-28T06:00:07.103Z

Updated: 2026-04-02T12:39:55.597Z

Reserved: 2026-01-04T05:55:18.233Z

Link: CVE-2025-15445

Vulnrichment

Updated: 2026-03-29T13:48:21.668Z

NVD

Status : Deferred

Published: 2026-03-28T06:16:00.137

Modified: 2026-04-15T15:05:47.827

Link: CVE-2025-15445

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-30T07:59:10Z

Weaknesses

CWE-862

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object