Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Path Traversal. This issue affects Grand Restaurant: from n/a through <= 7.0.
Published: 2025-05-19
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Grand Restaurant WordPress theme does not properly limit a pathname to a restricted directory, so attacker-controlled input parameters can reference paths outside the intended folder. This Path Traversal flaw (CWE-22) could enable an attacker to read sensitive files from the server or inject malicious PHP objects, leading to elevated privileges or remote code execution if further exploitation steps are applied.

Affected Systems

WordPress sites that use the ThemeGoods Grand Restaurant theme version 7.0 or earlier are affected. The flaw exists in all releases from the earliest release up to and including version 7.0. No patch version is specified in the CVE data.

Risk and Exploitability

The CVSS score of 9.8 classifies the vulnerability as critical, reflecting low attack complexity and severe impact if exploited. The EPSS score of less than 1% suggests a low probability of widespread exploitation at present, and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector involves maliciously crafted URLs or input fields that the theme processes, potentially allowing an unauthenticated attacker to traverse directories and read or execute files.

Generated by OpenCVE AI on May 1, 2026 at 08:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Grand Restaurant theme to the latest available version from ThemeGoods, if a patch exists, to eliminate the path traversal flaw.
  • If an update is not immediately possible, restrict file system access for the theme's directories by configuring web server rules or using .htaccess directives to block traversal attempts.
  • Deploy a WordPress security plugin or web application firewall that filters and blocks suspicious request patterns associated with directory traversal attacks.

Advisories
Source ID Title
EUVD EUVD-2025-15788 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeGoods Grand Restaurant WordPress allows Path Traversal. This issue affects Grand Restaurant WordPress: from n/a through 7.0.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
Removed: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeGoods Grand Restaurant WordPress allows Path Traversal. This issue affects Grand Restaurant WordPress: from n/a through 7.0.
Added: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Path Traversal. This issue affects Grand Restaurant: from n/a through <= 7.0.
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Mon, 09 Jun 2025 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Themegoods
Themegoods grand Restaurant
CPEs cpe:2.3:a:themegoods:grand_restaurant:*:*:*:*:*:wordpress:*:*
Vendors & Products Themegoods
Themegoods grand Restaurant

Mon, 19 May 2025 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 19 May 2025 20:15:00 +0000

Type Values Removed Values Added
Description Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeGoods Grand Restaurant WordPress allows Path Traversal. This issue affects Grand Restaurant WordPress: from n/a through 7.0.
Title WordPress Grand Restaurant WordPress theme <= 7.0 - Path Traversal to PHP Object Injection vulnerability
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

Themegoods Grand Restaurant
MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-12T00:19:08.461Z

Reserved: 2025-04-14T11:30:45.184Z

Link: CVE-2025-32926

Vulnrichment

Updated: 2025-05-19T21:10:45.509Z

NVD

Status: Modified

Published: 2025-05-19T20:15:22.213

Modified: 2026-04-23T15:29:22.767

Link: CVE-2025-32926

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T08:15:12Z

Weaknesses