Description
Missing Authorization vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Grand Restaurant: from n/a through <= 7.0.
Published: 2025-05-19
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A missing authorization check allows an attacker to delete arbitrary options from the Grand Restaurant WordPress theme, undermining the website’s configuration and potentially disabling critical features. The flaw is a classic "Missing Authorization" vulnerability (CWE‑862) that can compromise the integrity of the site’s settings and services.

Affected Systems

The ThemeGoods Grand Restaurant WordPress theme is affected in all installations running version 7.0 or earlier. The issue applies to any WordPress site that has the Grand Restaurant theme deployed, regardless of the overall WordPress version.

Risk and Exploitability

The CVSS score of 8.2 categorises this as a high‑severity flaw. With an EPSS score of less than 1% and no listing in CISA’s KEV catalogue, the likelihood of widespread exploitation is low, but the impact on any affected installation can be significant. The attack vector is inferred to be remote through the WordPress admin interface, as the flaw arises from incorrectly configured access control; an authenticated administrator is likely able to trigger the option deletion without additional privileges.

Generated by OpenCVE AI on April 30, 2026 at 19:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Grand Restaurant theme to a version newer than 7.0 where the authorization issue is resolved.
  • If an upgrade is not immediately possible, limit administrative access on the WordPress backend and disable any function that allows option deletion, either through a security plugin or by applying a custom code snippet that checks user capabilities.
  • After mitigating the vulnerability, audit the theme’s options to ensure no critical settings have been removed, and restore missing configurations from recent backups if necessary.



Advisories
Source: EUVD
ID: EUVD-2025-15782
Title: Missing Authorization vulnerability in ThemeGoods Grand Restaurant WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Grand Restaurant WordPress: from n/a through 7.0.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description (removed): Missing Authorization vulnerability in ThemeGoods Grand Restaurant WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Grand Restaurant WordPress: from n/a through 7.0.
Description (added): Missing Authorization vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Grand Restaurant: from n/a through <= 7.0.
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H'}


Thu, 22 Jan 2026 23:00:00 +0000

Type Values Removed Values Added
First Time appeared: Themegoods; Themegoods grand Restaurant
CPEs: cpe:2.3:a:themegoods:grand_restaurant:*:*:*:*:*:wordpress:*:*
Vendors & Products: Themegoods; Themegoods grand Restaurant

Mon, 19 May 2025 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 19 May 2025 20:00:00 +0000

Type Values Removed Values Added
Description: Missing Authorization vulnerability in ThemeGoods Grand Restaurant WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Grand Restaurant WordPress: from n/a through 7.0.
Title: WordPress Grand Restaurant WordPress theme <= 7.0 - Arbitrary Options Deletion vulnerability
Weaknesses: CWE-862
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:29.329Z

Reserved: 2025-04-16T06:22:10.074Z

Link: CVE-2025-39352

Vulnrichment

Updated: 2025-05-19T21:11:26.510Z

NVD

Status: Modified

Published: 2025-05-19T20:15:23.197

Modified: 2026-04-23T15:29:23.693

Link: CVE-2025-39352

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T19:30:26Z

Weaknesses