CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Description
The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, including a subscriber, to perform privileged operations. An attacker can install and activate a plugin from a user-supplied URL, leading to arbitrary PHP code execution, and can also import demo content that rewrites site configuration, including theme_mods, pages, menus, and front page settings.
Analysis
Restaurant Cafeteria WordPress theme through version 0.4.6 allows authenticated subscribers to execute arbitrary PHP code and modify site configuration through unprotected admin-ajax actions lacking nonce and capability checks. An attacker with subscriber-level access can install malicious plugins from attacker-controlled URLs or import demo content that overwrites critical site settings, pages, menus, and theme configuration. Publicly available exploit code exists for this vulnerability.
Technical Context
The Restaurant Cafeteria WordPress theme registers admin-ajax handlers that perform administrative operations without the two checks WordPress expects on every privileged AJAX action: nonce verification (check_ajax_referer / wp_verify_nonce), which ties the request to a token the site issued to that user and blocks cross-site request forgery, and a capability check (current_user_can), which enforces authorization. Because admin-ajax.php fires the wp_ajax_{action} hook for any logged-in user, the missing capability check lets the lowest authenticated role (subscriber) reach actions normally restricted to administrators. Two attack paths result: plugin installation through a handler that accepts a user-supplied plugin URL without validation, and a mass-assignment style rewrite of site configuration through the demo content import handler, which overwrites core WordPress options (site title, pages, menus, front page settings) and the theme modifications stored in wp_options. The affected component is the theme's admin-ajax handler code, which enforces neither the request-origin check (nonce) nor the authorization check (capability) required by WordPress security guidance.
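The vulnerable and hardened shapes of such a handler, side by side, as an added illustration that is not the theme's own code. The hook name rc_install_plugin, the callback names, the nonce action rc_admin_nonce and the POST parameter names are assumptions made for this example; only the missing-check pattern comes from the advisory.

```php
<?php
// Added example, not code from the Restaurant Cafeteria theme. The action name
// 'rc_install_plugin', the callbacks, the nonce action 'rc_admin_nonce' and the
// POST parameter names are hypothetical; the missing-check pattern is the point.
// Both callbacks are hooked here only for contrast; a real theme hooks one.

// ---------- Vulnerable shape: reachable by any logged-in user ----------
// admin-ajax.php fires wp_ajax_{action} for every authenticated user, so the
// handler itself must decide who may run it. This one never asks.
add_action( 'wp_ajax_rc_install_plugin', 'rc_install_plugin_vulnerable' );
function rc_install_plugin_vulnerable() {
    require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
    require_once ABSPATH . 'wp-admin/includes/plugin.php';

    $url      = $_POST['plugin_url'];                // attacker-controlled, unvalidated
    $upgrader = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
    $upgrader->install( $url );                      // downloads and unpacks the zip
    activate_plugin( $upgrader->plugin_info() );     // executes the attacker's PHP
    wp_send_json_success();
}

// ---------- Hardened shape ----------
add_action( 'wp_ajax_rc_install_plugin', 'rc_install_plugin_hardened' );
function rc_install_plugin_hardened() {
    // 1. Nonce: the request must carry the token the site issued to this user on
    //    an admin page (wp_create_nonce( 'rc_admin_nonce' ) handed to the JS).
    //    Fails closed with a -1 response when missing or invalid. This is CSRF
    //    protection only; it says nothing about what the user is allowed to do.
    check_ajax_referer( 'rc_admin_nonce', 'nonce' );

    // 2. Capability: authorization. A subscriber holds neither capability.
    if ( ! current_user_can( 'install_plugins' ) || ! current_user_can( 'activate_plugins' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Input: accept a wordpress.org slug rather than an arbitrary download URL,
    //    and let the plugins API resolve it to a package from the repository.
    $slug = sanitize_key( wp_unslash( $_POST['plugin_slug'] ?? '' ) );
    if ( '' === $slug ) {
        wp_send_json_error( 'missing plugin_slug', 400 );
    }
    require_once ABSPATH . 'wp-admin/includes/plugin-install.php';
    $api = plugins_api( 'plugin_information', array(
        'slug'   => $slug,
        'fields' => array( 'sections' => false ),
    ) );
    if ( is_wp_error( $api ) ) {
        wp_send_json_error( $api->get_error_message(), 400 );
    }

    require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
    require_once ABSPATH . 'wp-admin/includes/plugin.php';
    $upgrader = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
    $result   = $upgrader->install( $api->download_link );
    if ( is_wp_error( $result ) || ! $result ) {
        wp_send_json_error( 'install failed', 500 );
    }
    $activated = activate_plugin( $upgrader->plugin_info() );
    if ( is_wp_error( $activated ) ) {
        wp_send_json_error( $activated->get_error_message(), 500 );
    }
    wp_send_json_success( array( 'plugin' => $upgrader->plugin_info() ) );
}
```

The two gates are independent: a valid nonce issued to a subscriber still passes check_ajax_referer, so the capability check is what actually stops the privilege escalation, and the nonce is what stops an administrator being tricked into issuing the request from another site. The demo import handler needs the same pair, with manage_options or edit_theme_options in place of install_plugins.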
Affected Products
Restaurant Cafeteria WordPress theme all versions through 0.4.6 are affected (cpe:2.3:a:unknown:restaurant_cafeteria:*:*:*:*:*:*:*:*). The vulnerability report from WPScan identifies the theme by name and version range; no other affected products are listed in the available intelligence.
Remediation
Update the Restaurant Cafeteria WordPress theme to a version newer than 0.4.6 immediately. No specific patched version number is confirmed in the provided advisory data; consult the vendor changelog and the WPScan advisory at https://wpscan.com/vulnerability/f3f4a734-5828-4e3f-a170-28189aeda929/ for the exact minimum safe version. As a temporary workaround pending the update, disable open user registration if it is not needed and block the theme's admin-ajax actions for users who lack the install_plugins and manage_options capabilities, either with a security plugin that filters admin-ajax requests or with a small must-use plugin; this does not fix the underlying code defect and should not be relied upon as a permanent solution. Administrators should also check for prior exploitation: review the installed and active plugin list for anything unrecognised, compare pages, menus, front page settings and the theme's theme_mods option against a known-good state, and audit user accounts, since any subscriber-level account is a sufficient foothold.
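A stop-gap of the kind described above, as an added example rather than the theme's or WPScan's code: a must-use plugin that refuses the theme's AJAX actions to users lacking the relevant capability before the theme's own handler runs. The action names in the $blocked map are hypothetical; the real ones come from grepping the theme for add_action( 'wp_ajax_'.

```php
<?php
/**
 * Plugin Name: Temporary guard for unprotected theme AJAX actions
 * Description: Added example, not code from the theme or the advisory. Save as
 *              wp-content/mu-plugins/rc-ajax-guard.php; remove once the theme is updated.
 */

// admin-ajax.php runs 'admin_init' before it fires wp_ajax_{action}, so a hook
// here sees the request first. Priority 0 runs ahead of other plugins' hooks.
add_action( 'admin_init', 'rc_guard_theme_ajax', 0 );

function rc_guard_theme_ajax() {
    if ( ! wp_doing_ajax() ) {
        return;
    }

    // Hypothetical action names mapped to the capability an operator would
    // expect each one to require. Replace with the names found in the theme:
    //   grep -rn "wp_ajax_" wp-content/themes/<theme-directory>/
    $blocked = array(
        'rc_install_plugin' => 'install_plugins',
        'rc_import_demo'    => 'manage_options',
    );

    // Exact string match, as admin-ajax.php itself does when building the hook
    // name; no sanitize_key() here, which would lowercase mixed-case actions.
    $action = isset( $_REQUEST['action'] ) ? (string) wp_unslash( $_REQUEST['action'] ) : '';
    if ( ! isset( $blocked[ $action ] ) ) {
        return;
    }
    if ( current_user_can( $blocked[ $action ] ) ) {
        return; // an administrator may still use the feature
    }

    // Record enough to find the account and source during the post-incident audit.
    error_log( sprintf(
        'rc-ajax-guard: denied action=%s user=%d ip=%s',
        $action,
        get_current_user_id(),
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown'
    ) );

    // wp_send_json_error() calls wp_die(), so the theme handler never runs.
    wp_send_json_error( 'forbidden', 403 );
}
```

The guard only narrows who reaches the handlers; it adds no nonce check, so an administrator can still be targeted by cross-site request forgery until the theme itself verifies nonces. Keep the denied-request log lines: a burst of them from one subscriber account is the indicator to look for when deciding whether the site was already attacked.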
EUVD-2025-209110
GHSA-v474-g846-5m4r