István Márton
·
Published
2025-09-08
·
Updated
2025-09-08
·
CVE-2025-9113
9.8
Critical
| Base vector | Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Doccure theme for WordPress versions through 1.4.8
Description:
The Doccure theme for WordPress is susceptible to arbitrary file uploads due to the absence of file type validation within the `doccure temp upload to media` function. This flaw allows unauthenticated attackers to upload arbitrary files to the server, potentially leading to remote code execution.
Recommendations:
Update the Doccure theme to a version beyond 1.4.8.
Fix
Unrestricted File Upload