Description
Missing Authorization vulnerability in raratheme Restaurant and Cafe restaurant-and-cafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restaurant and Cafe: from n/a through <= 1.2.5.
Published: 2026-03-13
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access
Action: Update Theme
AI Analysis

Impact

The vulnerability is a Missing Authorization issue (CWE-862) in the Restaurant and Cafe WordPress theme. It allows an attacker to bypass intended access controls and perform actions that should be restricted, potentially accessing or manipulating restricted content or administrative functions. The description does not indicate that it leads to remote code execution or data exfiltration, but the loss of proper authorization could undermine confidentiality, integrity, or availability of the site’s sensitive areas.

Affected Systems

Affected products are raratheme's Restaurant and Cafe theme for WordPress, with all versions from the initial release up to and including 1.2.5. No other affected versions are specified.

Risk and Exploitability

The CVSS base score of 5.3 places this issue in the medium severity range. The EPSS score is below 1%, suggesting a low probability of widespread exploitation, and the vulnerability is not yet listed in the CISA KEV catalog. The description does not detail attack prerequisites; it is inferred that an authenticated user with incorrect configuration could exploit the broken access control, although the exact attack vector is not explicit in the CVE data.

Generated by OpenCVE AI on March 19, 2026 at 15:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Restaurant and Cafe theme to a version newer than 1.2.5, if available.
  • Check the theme’s official documentation or support channels for patch releases or updates.
  • Verify that the theme’s access control and permission settings are correctly configured to prevent unauthorized operations.
  • Apply general WordPress security best practices, such as using strong passwords, limiting user roles, and regularly auditing user permissions.

Generated by OpenCVE AI on March 19, 2026 at 15:00 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Rarathemes
Rarathemes restaurant And Cafe
Wordpress
Wordpress wordpress
Vendors & Products Rarathemes
Rarathemes restaurant And Cafe
Wordpress
Wordpress wordpress

Fri, 13 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in raratheme Restaurant and Cafe restaurant-and-cafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restaurant and Cafe: from n/a through <= 1.2.5.
Title WordPress Restaurant and Cafe theme <= 1.2.5 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Rarathemes Restaurant And Cafe
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:15:56.465Z

Reserved: 2026-03-12T11:10:35.809Z

Link: CVE-2026-32347

cve-icon Vulnrichment

Updated: 2026-03-13T20:07:35.376Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:54:46.460

Modified: 2026-03-16T14:53:46.157

Link: CVE-2026-32347

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T09:59:08Z

Weaknesses