CVE-2025-15445 in Restaurant Cafeteria Plugin
Summary
The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a from a user-supplied URL, leading to arbitrary PHP code execution, and also import demo content that rewrites site configuration, including Restaurant Cafeteria WordPress theme through 0.4.6_mods, pages, menus, and front page settings.
Responsible
WPScan
Reservation
01/04/2026
Disclosure
03/28/2026
Entries
| Published | Base | Temp | Vulnerability | CWE | Prod | Exp | Cou | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 03/28/2026 | 6.3 | 6.1 | Restaurant Cafeteria Plugin Setting authorization | 862 | Hospitality Software | Not defined | Not defined | 0.00018 | 2.73 | CVE-2025-15445 |