{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-15445", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2026-01-04T05:55:18.233Z", "datePublished": "2026-03-28T06:00:07.103Z", "dateUpdated": "2026-04-02T12:39:55.597Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2026-04-02T12:39:55.597Z"}, "title": "Restaurant Cafeteria <= 0.4.6 - Subscriber+ Arbitrary Plugin Installation/Activation", "problemTypes": [{"descriptions": [{"description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "Restaurant Cafeteria", "versions": [{"status": "affected", "versionType": "semver", "version": "0", "lessThanOrEqual": "0.4.6"}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a from a user-supplied URL, leading to arbitrary PHP code execution, and also import demo content that rewrites site configuration, including Restaurant Cafeteria WordPress theme through 0.4.6_mods, pages, menus, and front page settings."}], "references": [{"url": "https://wpscan.com/vulnerability/f3f4a734-5828-4e3f-a170-28189aeda929/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Khaled Alenazi (Nxploited)", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-862", "lang": "en", "description": "CWE-862 Missing Authorization"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-29T13:47:18.255216Z", "id": "CVE-2025-15445", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-29T13:49:16.577Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-15445", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-29T13:47:18.255216Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-29T13:48:21.668Z"}}], "cna": {"title": "Restaurant Cafeteria <= 0.4.6 - Subscriber+ Arbitrary Plugin Installation/Activation", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Khaled Alenazi (Nxploited)"}, {"lang": "en", "type": "coordinator", "value": "WPScan"}], "affected": [{"vendor": "Unknown", "product": "Restaurant Cafeteria", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "0.4.6"}], "defaultStatus": "unknown"}], "references": [{"url": "https://wpscan.com/vulnerability/f3f4a734-5828-4e3f-a170-28189aeda929/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "x_generator": {"engine": "WPScan CVE Generator"}, "descriptions": [{"lang": "en", "value": "The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a from a user-supplied URL, leading to arbitrary PHP code execution, and also import demo content that rewrites site configuration, including Restaurant Cafeteria WordPress theme through 0.4.6_mods, pages, menus, and front page settings."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2026-04-02T12:39:55.597Z"}}}, "cveMetadata": {"cveId": "CVE-2025-15445", "state": "PUBLISHED", "dateUpdated": "2026-04-02T12:39:55.597Z", "dateReserved": "2026-01-04T05:55:18.233Z", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "datePublished": "2026-03-28T06:00:07.103Z", "assignerShortName": "WPScan"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a from a user-supplied URL, leading to arbitrary PHP code execution, and also import demo content that rewrites site configuration, including Restaurant Cafeteria WordPress theme through 0.4.6_mods, pages, menus, and front page settings."}, {"lang": "es", "value": "El tema de WordPress Restaurant Cafeteria hasta la versi\u00f3n 0.4.6 expone acciones admin-ajax inseguras sin comprobaciones de nonce o de capacidad, permitiendo a cualquier usuario autenticado, como un suscriptor, realizar operaciones privilegiadas. Un atacante puede instalar y activar un desde una URL proporcionada por el usuario, lo que lleva a la ejecuci\u00f3n arbitraria de c\u00f3digo PHP, y tambi\u00e9n importar contenido de demostraci\u00f3n que sobrescribe la configuraci\u00f3n del sitio, incluyendo las modificaciones del tema de WordPress Restaurant Cafeteria hasta la versi\u00f3n 0.4.6, p\u00e1ginas, men\u00fas y la configuraci\u00f3n de la p\u00e1gina de inicio."}], "id": "CVE-2025-15445", "lastModified": "2026-04-15T15:05:47.827", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-28T06:16:00.137", "references": [{"source": "contact@wpscan.com", "url": "https://wpscan.com/vulnerability/f3f4a734-5828-4e3f-a170-28189aeda929/"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.4.6]"}}], "enrichment": {"confidence": 85.0, "confidence_source": "inferred", "scores": [{"score": 85.0, "source": "inferred"}]}, "original": {"product": "Restaurant Cafeteria", "source": "cna", "vendor": "Unknown"}, "product": "restaurant_cafeteria", "vendor": "restaurant_cafeteria"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-29T15:50:28.819735+00:00", "value": {"mitigation_remediation": ["Update the Restaurant Cafeteria theme to the latest version that removes the vulnerable Ajax actions.", "If an upgrade is not possible immediately, revoke or restrict the \"install plugin\" capability for subscriber accounts.", "Disable or restrict the insecure admin\u2011ajax endpoints used by the theme.", "Use a security plugin or web application firewall rule that blocks plugin installation from arbitrary URLs.", "Monitor site logs for unexpected admin\u2011ajax requests or attempts to install unfamiliar plugins."], "summary": {"action": "Patch Now", "impact": "Arbitrary PHP code execution via insecure Ajax actions"}, "threat_synthesis": {"affected_systems": "The vulnerability impacts installations of the Restaurant Cafeteria theme version 0.4.6 and earlier on WordPress sites. It applies to sites that allow subscriber accounts to authenticate and use the theme's features.", "description_and_impact": "The Restaurant Cafeteria WordPress theme through version 0.4.6 exposes admin\u2011ajax actions that lack nonce and capability checks. Consequently, any logged\u2011in user, including subscribers, can trigger privileged operations. An attacker can instruct the site to install and activate a plugin from a supplied URL, which results in execution of arbitrary PHP code. The flaw also permits importing demo content that rewrites site configuration, including theme settings, pages, menus, and front\u2011page settings, effectively compromising the entire website configuration.", "risk_and_exploitability": "The CVSS score of 5.4 indicates moderate severity; the EPSS score is below 1% and the flaw is not listed in the CISA KEV catalog, suggesting a low likelihood of widespread public exploitation. Nevertheless, because the attack requires only a logged\u2011in WordPress user, and the description notes that a subscriber can trigger the vulnerable actions, an attacker can easily compromise a site with full code execution and site takeover capabilities."}}}}, "created": "2026-03-29T20:32:42.284668+00:00", "updated": "2026-03-30T07:59:10.935181+00:00", "vendors": ["restaurant_cafeteria", "restaurant_cafeteria$PRODUCT$restaurant_cafeteria", "wordpress", "wordpress$PRODUCT$wordpress"]}