CVE-2025-15445 in Restaurant Cafeteria Plugininformación

Resumen (Inglés)

The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a from a user-supplied URL, leading to arbitrary PHP code execution, and also import demo content that rewrites site configuration, including Restaurant Cafeteria WordPress theme through 0.4.6_mods, pages, menus, and front page settings.

Responsable

WPScan

Reservar

2026-01-04

Divulgación

2026-03-28

Voces

Fecha de publicación	Base	Temp	Vulnerabilidad	CWE	Prod	Exp	Con	EPSS	CTI	CVE
2026-03-28	6.3	6.1	Restaurant Cafeteria Plugin Setting escalada de privilegios	862	Hospitality Software	No está definido	No está definido	0.00018	2.91	CVE-2025-15445

Mostrar más

Descripción
Cambios
Inteligencia de amenazas
API/JSON

◂ AnteriorVisión De ConjuntoPróximo ▸

Want to know what is going to be exploited?

We predict KEV entries!