Dreamstechnologies Doccure vulnerabilities
2 known vulnerabilities affecting dreamstechnologies/doccure.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2025-9114P2CRITICALCVSS 9.8≤ 1.5.02025-09-08
CVE-2025-9114 [CRITICAL] CWE-639 CVE-2025-9114: The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, a
The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.5.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially
nvd
CVE-2025-9112P2HIGHCVSS 8.8≤ 1.5.02025-09-08
CVE-2025-9112 [HIGH] CWE-434 CVE-2025-9112: The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to incorrect file type v
The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'doccure_temp_file_uploader' function in all versions up to, and including, 1.5.0. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to upload arbitrary files on the affected site's server wh
nvd