Dreamstechnologies Doccure Core vulnerabilities
2 known vulnerabilities affecting dreamstechnologies/doccure_core.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2025-9113P2CRITICALCVSS 9.8≤ 1.5.32025-09-08
CVE-2025-9113 [CRITICAL] CWE-434 CVE-2025-9113: The Doccure Core plugin for WordPress is vulnerable to arbitrary file uploads due to missing file ty
The Doccure Core plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'doccure_temp_upload_to_media' function in all versions up to, and including, 1.5.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution
nvd
CVE-2025-8900P2CRITICALCVSS 9.8fixed in 1.5.42025-11-03
CVE-2025-8900 [CRITICAL] CWE-269 CVE-2025-8900: The Doccure Core plugin for WordPress is vulnerable to privilege escalation in versions up to, and e
The Doccure Core plugin for WordPress is vulnerable to privilege escalation in versions up to, and excluding, 1.5.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'user_type' field. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account
nvd