The vulnerability identified as CVE-2025-15445 affects the Restaurant Cafeteria WordPress theme up to version 0.4.6. It stems from missing authorization checks (CWE-862) on admin-ajax actions exposed by the theme. Specifically, these AJAX endpoints lack nonce verification and capability checks, allowing any authenticated user, including those with minimal privileges such as subscribers, to perform privileged operations. An attacker can exploit this by sending crafted requests to install and activate arbitrary plugins or code from URLs they control, resulting in arbitrary PHP code execution on the server. Furthermore, the attacker can import demo content that modifies critical site configurations, including theme settings, pages, menus, and the front page, effectively hijacking the site’s appearance and functionality. The vulnerability does not require elevated privileges beyond being logged in, nor does it require additional user interaction, making exploitation straightforward once access is obtained. No CVSS score has been assigned yet, and no patches or mitigations have been officially published. The lack of nonce and capability checks represents a fundamental security flaw in the theme’s design, exposing WordPress sites using this theme to severe compromise risks.

The impact of CVE-2025-15445 is severe for organizations using the affected Restaurant Cafeteria WordPress theme. Attackers can achieve arbitrary code execution, which may lead to full site takeover, data theft, defacement, or use of the compromised site as a launchpad for further attacks. The ability to import demo content that rewrites site configurations can disrupt business operations by altering site navigation, content, and user experience. Since the vulnerability requires only a logged-in user, even low-privileged accounts can be leveraged, increasing the attack surface. Organizations relying on this theme for their online presence, especially in the hospitality and restaurant sectors, risk reputational damage, loss of customer trust, and potential regulatory consequences if sensitive data is exposed. The absence of known exploits in the wild currently limits immediate widespread impact, but the vulnerability’s ease of exploitation makes it a high priority for remediation.

To mitigate this vulnerability, organizations should immediately restrict user roles to trusted individuals and minimize the number of accounts with login access until a patch is available. Disable or remove the Restaurant Cafeteria theme if it is not actively used. Monitor admin-ajax requests for unusual activity indicative of exploitation attempts. Implement web application firewall (WAF) rules to detect and block suspicious AJAX calls targeting the vulnerable endpoints. If possible, apply custom code patches to add nonce verification and capability checks to the affected AJAX actions. Regularly audit user accounts and permissions to ensure no unauthorized users have access. Backup site data frequently to enable recovery in case of compromise. Stay alert for official patches or updates from the theme developer and apply them promptly once released.