{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-9112", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-08-18T09:01:52.205Z", "datePublished": "2025-09-08T18:23:47.218Z", "dateUpdated": "2026-04-08T16:44:37.656Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:44:37.656Z"}, "affected": [{"vendor": "dreamstechnologies", "product": "Doccure", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.5.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'doccure_temp_file_uploader' function in all versions up to, and including, 1.5.0. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "title": "Doccure <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Upload", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2f38498d-0560-4935-b1f5-1fdb62f49a5b?source=cve"}, {"url": "https://themeforest.net/item/doccure-medical-wordpress-theme/34329202"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "cweId": "CWE-434", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Istv\u00e1n M\u00e1rton"}], "timeline": [{"time": "2025-08-18T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2025-09-08T05:35:13.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-08T19:34:35.435422Z", "id": "CVE-2025-9112", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-08T19:44:36.229Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-9112", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-09-08T19:34:35.435422Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-08T19:34:37.431Z"}}], "cna": {"title": "Doccure <= 1.4.8 - Authenticated (Subscriber+) Arbitrary File Upload", "credits": [{"lang": "en", "type": "finder", "value": "Istv\u00e1n M\u00e1rton"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "dreamstechnologies", "product": "Doccure", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.4.8"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-08-18T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2025-09-08T05:35:13.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2f38498d-0560-4935-b1f5-1fdb62f49a5b?source=cve"}, {"url": "https://themeforest.net/item/doccure-medical-wordpress-theme/34329202"}], "descriptions": [{"lang": "en", "value": "The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'doccure_temp_file_uploader' function in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-09-08T18:23:47.218Z"}}}, "cveMetadata": {"cveId": "CVE-2025-9112", "state": "PUBLISHED", "dateUpdated": "2025-09-08T19:44:36.229Z", "dateReserved": "2025-08-18T09:01:52.205Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-09-08T18:23:47.218Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'doccure_temp_file_uploader' function in all versions up to, and including, 1.5.0. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "id": "CVE-2025-9112", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-09-08T19:15:37.610", "references": [{"source": "security@wordfence.com", "url": "https://themeforest.net/item/doccure-medical-wordpress-theme/34329202"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2f38498d-0560-4935-b1f5-1fdb62f49a5b?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T14:22:21.616480+00:00", "value": {"mitigation_remediation": ["Upgrade Doccure theme to a version newer than 1.5.0 that fixes the upload validation flaw.", "If an update is not yet available, restrict file upload rights for subscriber-level accounts or any non\u2011administrator role until a patch can be applied.", "Configure WordPress to permit only safe MIME types in the allowed file types list, and set the uploads directory so that executable files cannot run (via .htaccess or server configuration)."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Dream Technologies\u2019 Doccure WordPress theme, versions 1.5.0 and all earlier releases, used on WordPress sites.", "description_and_impact": "The flaw in the Doccure WordPress theme arises from missing or deficient file type validation in the doccure_temp_file_uploader function. An attacker who is authenticated with a WordPress account that has at least subscriber-level privileges can supply arbitrary files, potentially including malicious scripts. Because the data is written to the site\u2019s file system without proper restrictions, the attacker may trigger remote code execution or compromise site integrity.", "risk_and_exploitability": "The vulnerability carries a CVSS score of 8.8, rating it as High severity. The EPSS score indicates a very low probability of exploitation in the wild (< 1%). It is currently not listed in the CISA KEV catalog. As the flaw requires authenticated access with subscriber or higher permissions, the attack vector is likely limited to users who can log into the WordPress backend with sufficient privileges. Once inside, the attacker can upload arbitrary files, and if a file with executable code is placed in a web\u2011accessible location, remote code execution becomes feasible."}}}}, "created": "2025-09-09T21:31:59.410654+00:00", "updated": "2026-04-22T14:30:18.957827+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}