CVE-2025-15445 in Restaurant Cafeteria Plugininformation

Résumé (Anglaise)

The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a from a user-supplied URL, leading to arbitrary PHP code execution, and also import demo content that rewrites site configuration, including Restaurant Cafeteria WordPress theme through 0.4.6_mods, pages, menus, and front page settings.

Responsable

WPScan

Réserver

04/01/2026

Divulgation

28/03/2026

Entrées

Publié	Base	Temp	Vulnérabilité	CWE	Prod	Exp	Con	EPSS	CTI	CVE
28/03/2026	6.3	6.1	Restaurant Cafeteria Plugin Setting élévation de privilèges	862	Hospitality Software	Non défini	Non défini	0.00018	2.73	CVE-2025-15445

Montrer plus

Description
Changements
Renseignements sur les menaces
API/JSON

◂ PrécédentAperçuSuivant ▸

Do you know our Splunk app?

Download it now for free!