VYPR
Medium severity5.4NVD Advisory· Published Mar 28, 2026· Updated Apr 15, 2026

CVE-2025-15445

CVE-2025-15445

Description

The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a from a user-supplied URL, leading to arbitrary PHP code execution, and also import demo content that rewrites site configuration, including Restaurant Cafeteria WordPress theme through 0.4.6_mods, pages, menus, and front page settings.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Patches

Vulnerability mechanics

References

1

News mentions

1