UNKNOWN
CVE-2025-15445
The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, such as a subscriber, to perform privileged operations. An attacker can install and activate a from a user-supplied URL, leading to arbitrary PHP code execution, and can also import demo content that rewrites site configuration, including theme_mods, pages, menus, and front page settings.
Platform: wordpress
Component: wordpress
How to fix
Update the Restaurant Cafeteria theme to a version later than 0.4.6. If no such version is available, consider disabling or removing the theme until a fixed version is published. As a temporary measure, you can restrict access to the affected functions to users with higher-privilege roles.
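One way to apply the temporary restriction is a must-use plugin that checks a capability before the theme's AJAX handlers run. This is an added example, not code from the theme or the advisory; the two action names are hypothetical placeholders because the advisory does not list the real ones, and the capability chosen for each is an assumption.

```php
<?php
/**
 * Plugin Name: Theme AJAX capability gate (added example)
 * Description: Install as wp-content/mu-plugins/ajax-capability-gate.php
 */
defined( 'ABSPATH' ) || exit;

// Placeholder action names (hypothetical): replace them with the names the
// theme registers in its add_action( 'wp_ajax_...' ) calls.
// The capability required for each action is an assumption.
const EXAMPLE_GATED_ACTIONS = array(
	'example_plugin_install_action' => 'install_plugins',
	'example_demo_import_action'    => 'edit_theme_options',
);

foreach ( EXAMPLE_GATED_ACTIONS as $action => $capability ) {
	add_action(
		"wp_ajax_{$action}",
		static function () use ( $action, $capability ) {
			if ( current_user_can( $capability ) ) {
				return; // Privileged caller: fall through to the theme's handler.
			}
			// Record the denied call so it can be reviewed later.
			error_log(
				sprintf(
					'ajax-gate: user %d denied action "%s" (requires %s)',
					get_current_user_id(),
					$action,
					$capability
				)
			);
			// Sends a JSON error with HTTP 403 and ends the request,
			// so the theme's handler never executes.
			wp_send_json_error( array( 'message' => 'Insufficient privileges.' ), 403 );
		},
		PHP_INT_MIN // Run before any handler the theme attaches to the same hook.
	);
}
```

The gate only narrows who can reach the handlers. It does not add the missing nonce check, which still requires a fixed theme release.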