CVE-2025-39352

8.2 HIGH

📋 TL;DR

This vulnerability allows attackers to delete arbitrary WordPress options without proper authorization in the Grand Restaurant WordPress theme. Any WordPress site using affected versions of this theme is vulnerable, potentially leading to site disruption or takeover.

💻 Affected Systems

Products:
  • ThemeGoods Grand Restaurant WordPress Theme
Versions: All versions up to and including 7.0
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects WordPress installations with the Grand Restaurant theme active.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete site compromise through deletion of critical WordPress options, potentially allowing administrative access, site defacement, or data destruction.

🟠 Likely Case

Site disruption through deletion of theme or plugin settings, causing functionality loss or requiring restoration from backups.

🟢 If Mitigated

Limited impact with proper access controls and monitoring, potentially only affecting non-critical settings.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires some WordPress access but not administrative privileges.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 7.1 or later

Vendor Advisory: https://patchstack.com/database/wordpress/theme/grandrestaurant/vulnerability/wordpress-grand-restaurant-wordpress-theme-7-0-arbitrary-options-deletion-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Appearance > Themes.
3. Check for a Grand Restaurant theme update.
4. Update to version 7.1 or later.
5. Verify the theme functions correctly after the update.

🔧 Temporary Workarounds

Disable vulnerable theme (platform: all)

Switch to a different WordPress theme temporarily until patched:

wp theme activate twentytwentyfour

Restrict user capabilities (platform: linux)

Limit user roles to prevent exploitation. Note that as written the command re-applies the subscriber role to accounts that already hold it; substitute the role whose accounts you want to downgrade in --role=. WP-CLI's set-role accepts one user per invocation, so pass the IDs through one at a time:

wp user list --role=subscriber --field=ID | xargs -I{} wp user set-role {} subscriber

🧯 If You Can't Patch

  • Implement web application firewall rules to block suspicious option deletion requests
  • Enable detailed logging of all WordPress option changes and monitor for unauthorized modifications

🔍 How to Verify

Check if Vulnerable:

Check the WordPress theme version in Appearance > Themes, or use WP-CLI (multiple columns require --fields, not --field): wp theme list --fields=name,version | grep grandrestaurant

Check Version:

wp theme list --fields=name,version | grep grandrestaurant

Verify Fix Applied:

Confirm the theme version is 7.1 or higher: wp theme list --fields=name,version | grep grandrestaurant

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized option deletion attempts in WordPress debug logs
  • Multiple option_name deletions in short timeframes

Network Indicators:

  • POST requests to wp-admin/admin-ajax.php with delete_option actions
  • Unusual option parameter patterns

SIEM Query:

source="wordpress.log" AND "delete_option" AND NOT user_role="administrator"
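The "If You Can't Patch" advice to log all option changes and the log indicators above (deletions by non-administrators, bursts of deletions in a short window) both assume WordPress actually emits such a record, which it does not by default. The following must-use plugin is an added example written for this page, not code from the theme vendor, Patchstack, or the advisory: it hooks the core `delete_option` action (fired before any option is removed, with the option name as its argument) and writes one key=value line per deletion that the SIEM query above can match on `user_role`. The log line format, the 60-second window and the threshold of 5 deletions are assumptions; adjust them to your SIEM.

```php
<?php
/**
 * Plugin Name: Option Deletion Audit Log
 * Description: Logs every WordPress option deletion with the acting user, role and request details.
 *
 * Added example for monitoring, not part of the Grand Restaurant theme or the advisory.
 * Save as wp-content/mu-plugins/option-deletion-audit.php so it loads before theme code.
 */

// Window and threshold for flagging bursts of deletions (values are assumptions).
const ODA_BURST_WINDOW_SECONDS = 60;
const ODA_BURST_THRESHOLD      = 5;

add_action( 'delete_option', function ( $option ) {
    $user  = wp_get_current_user();
    $uid   = ( $user && $user->ID ) ? (int) $user->ID : 0;
    $roles = $uid ? implode( ',', (array) $user->roles ) : 'anonymous';

    // Request context: the advisory lists admin-ajax.php actions as the network indicator,
    // so record the ajax/admin action name alongside the URI and source address.
    $uri    = isset( $_SERVER['REQUEST_URI'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REQUEST_URI'] ) ) : '';
    $action = isset( $_REQUEST['action'] ) ? sanitize_key( wp_unslash( $_REQUEST['action'] ) ) : '';
    $ip     = isset( $_SERVER['REMOTE_ADDR'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ) : '';

    // One line per deletion, key=value so a query such as
    //   "delete_option" AND NOT user_role="administrator"
    // can be applied directly to the PHP error log.
    error_log( sprintf(
        'wp_option_audit event=delete_option option_name=%s user_id=%d user_role=%s ajax_action=%s ip=%s uri=%s',
        $option, $uid, $roles, $action, $ip, $uri
    ) );

    // Burst detection: count deletions per user inside a rolling window using a transient.
    $key   = 'oda_burst_' . $uid;
    $count = (int) get_transient( $key ) + 1;
    set_transient( $key, $count, ODA_BURST_WINDOW_SECONDS );

    if ( $count >= ODA_BURST_THRESHOLD ) {
        error_log( sprintf(
            'wp_option_audit event=delete_option_burst user_id=%d user_role=%s count=%d window_seconds=%d',
            $uid, $roles, $count, ODA_BURST_WINDOW_SECONDS
        ) );
    }
}, 10, 1 );
```

Because `delete_option` runs before the row is removed, the entry is written even if the deletion is later rejected by the database; pair it with the `deleted_option` action if you need confirmation that the option was actually gone. The error log destination is whatever `WP_DEBUG_LOG` or the PHP `error_log` ini setting points at, so confirm your SIEM collector reads that file.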
