VulnerAlert



WORDPRESS
09-09-2025 14:16

CVE-2025-9112 Vulnerabilidad documentada

Sin puntuación
Tags
#wordpress
#site
#server
#affected
#attackers
#authenticated
#arbitrary
#vulnerable
#remote
#execution
#attack
#affect
Descripción
The Doccure theme for WordPress is vulnerable to arbitrary file uploads due incorrect type validation in the 'doccure_temp_file_uploader' function all versions up to, and including, 1.4.8. This makes it possible authenticated attackers, with subscriber-level above permissions, upload files on affected site's server which may make remote code execution possible.
https://themeforest.net/item/doccure-medical-wordpress-theme/34329202
https://www.wordfence.com/threat-intel/vulnerabilities/id/2f38498d-0560-4935-b1f5-1fdb62f49a5b?source=cve
Referencia
Link externo
Ver detalles

Fuente
https://nvd.nist.gov/vuln/detail/CVE-2025-9112
Resultados similares
Coincidentes en almenos en 50% de los tags
10-09-2025 CVE-2025-8388
The PowerPack Elementor Addons (Free Widgets, Extensions and Templates) plugin for WordPress is...
Ver información
09-09-2025 CVE-2025-9114
The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up ...
Ver información
Icons made by Freepik from www.flaticon.com
Este Proyecto fue cofinanciado por el Consejo Nacional de Ciencia y Tecnología (CONACYT) a través del PROINNOVA 2021/2023
Proyecto realizado por