CVE-2025-15445 in Restaurant Cafeteria Plugin
摘要 (英语)
The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a from a user-supplied URL, leading to arbitrary PHP code execution, and also import demo content that rewrites site configuration, including Restaurant Cafeteria WordPress theme through 0.4.6_mods, pages, menus, and front page settings.
负责
WPScan
预定
2026-01-04
披露
2026-03-28
条目
| 标识符 | 漏洞 | CWE | 基础 | 临时 | 0day | 今天 | 可利用 | KEV | EPSS | CTI | 对策 | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 354067 | Restaurant Cafeteria Plugin Setting 权限提升 | 862 | 6.3 | 6.1 | $0-$5k | $0-$5k | 未定义 | 0.00018 | 0.33 | 未定义 | CVE-2025-15445 |