The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'doccure_temp_upload_to

WORDPRESS

09-09-2025 14:16

CVE-2025-9113 Vulnerabilidad documentada

Sin puntuación

Tags

#wordpress

#site

#server

#affected

#attackers

#authenticated

#arbitrary

#vulnerable

#remote

#execution

#attack

#affect

Descripción

The Doccure theme for WordPress is vulnerable to arbitrary file uploads due missing type validation in the 'doccure_temp_upload_to_media' function all versions up to, and including, 1.4.8. This makes it possible unauthenticated attackers upload files on affected site's server which may make remote code execution possible.

https://themeforest.net/item/doccure-medical-wordpress-theme/34329202

https://www.wordfence.com/threat-intel/vulnerabilities/id/6ff01c24-fa35-43bc-be60-f2bb37854681?source=cve

Referencia

Link externo

Ver detalles

Fuente

https://nvd.nist.gov/vuln/detail/CVE-2025-9113

Resultados similares

Coincidentes en almenos en 50% de los tags

09-09-2025 CVE-2025-9114
The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up ...
Ver información

09-09-2025 CVE-2025-9112
The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to incorrect file t...
Ver información