CVE-2025-9113

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Doccure theme for WordPress versions through 1.4.8

Description: The Doccure theme for WordPress is susceptible to arbitrary file uploads due to the absence of file type validation within the doccure temp upload to media function. This flaw allows unauthenticated attackers to upload arbitrary files to the server, potentially leading to remote code execution.

Recommendations: Update the Doccure theme to a version beyond 1.4.8.

Fix

RCE

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2025-9113

Affected Products

Doccure

CVE-2025-9113

Weakness Enumeration

Related Identifiers

Affected Products

References · 7