Privilege Escalation in Restaurant Cafeteria Theme by WordPress

CVE-2025-15445

What is CVE-2025-15445?

The Restaurant Cafeteria WordPress theme, up to version 0.4.6, contains a vulnerability that exposes insecure admin-ajax actions. This flaw allows any logged-in user, including those with subscriber roles, to execute privileged operations without proper nonce or capability checks. An attacker could exploit this by installing and activating malicious plugins sourced from user-supplied URLs, enabling arbitrary PHP code execution. Additionally, the vulnerability permits the import of demo content, potentially overwriting vital site configurations such as theme modifications, pages, menus, and front page settings.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References