CVE Alert

CVE-2025-15445

MEDIUM 5.4

Restaurant Cafeteria <= 0.4.6 - Subscriber+ Arbitrary Plugin Installation/Activation

CVSS Score: 5.4
EPSS Score: 0.0%
EPSS Percentile: 11th

The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, such as a subscriber, to perform privileged operations. An attacker can install and activate a plugin from a user-supplied URL, leading to arbitrary PHP code execution, and can also import demo content that rewrites site configuration, including theme_mods, pages, menus, and front page settings.

Vendor: unknown
Product: restaurant cafeteria
Published: Mar 28, 2026
Last Updated: Apr 2, 2026

Affected Versions

Unknown / Restaurant Cafeteria
0 ≤ 0.4.6

References

NVD, CVE.org, EPSS Data
wpscan.com: https://wpscan.com/vulnerability/f3f4a734-5828-4e3f-a170-28189aeda929/

Credits

Khaled Alenazi (Nxploited), WPScan