{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-9114", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-08-18T09:06:53.080Z", "datePublished": "2025-09-08T18:23:48.130Z", "dateUpdated": "2026-04-08T17:06:35.382Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:06:35.382Z"}, "affected": [{"vendor": "dreamstechnologies", "product": "Doccure", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.5.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.5.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts."}], "title": "Doccure <= 1.5.0 - Unauthenticated Arbitrary User Password Change", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8f8b1d8f-b2b6-415c-91f2-e5b98048258d?source=cve"}, {"url": "https://themeforest.net/item/doccure-medical-wordpress-theme/34329202"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "cweId": "CWE-639", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "Istv\u00e1n M\u00e1rton"}], "timeline": [{"time": "2025-08-18T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2025-09-08T05:36:20.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-08T19:34:21.920100Z", "id": "CVE-2025-9114", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-08T19:44:19.751Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-9114", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-09-08T19:34:21.920100Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-08T19:34:24.082Z"}}], "cna": {"title": "Doccure <= 1.5.0 - Unauthenticated Arbitrary User Password Change", "credits": [{"lang": "en", "type": "finder", "value": "Istv\u00e1n M\u00e1rton"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "dreamstechnologies", "product": "Doccure", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.5.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-08-18T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2025-09-08T05:36:20.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8f8b1d8f-b2b6-415c-91f2-e5b98048258d?source=cve"}, {"url": "https://themeforest.net/item/doccure-medical-wordpress-theme/34329202"}], "descriptions": [{"lang": "en", "value": "The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.5.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:06:35.382Z"}}}, "cveMetadata": {"cveId": "CVE-2025-9114", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:06:35.382Z", "dateReserved": "2025-08-18T09:06:53.080Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-09-08T18:23:48.130Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.5.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts."}], "id": "CVE-2025-9114", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-09-08T19:15:38.007", "references": [{"source": "security@wordfence.com", "url": "https://themeforest.net/item/doccure-medical-wordpress-theme/34329202"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8f8b1d8f-b2b6-415c-91f2-e5b98048258d?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T03:11:13.649912+00:00", "value": {"mitigation_remediation": ["Upgrade the Doccure theme to the latest version that fixes the password\u2011change authorization flaw.", "If an upgrade is not immediately possible, force a password reset for all user accounts\u2014especially administrators\u2014and enable strong password policies to limit the damage of a compromised credential.", "Restrict access to the theme\u2019s password\u2011change endpoint by adding an authentication gate or by enabling a Web Application Firewall rule that blocks unauthorized POST requests."], "summary": {"action": "Immediate Patch", "impact": "Account Takeover"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Doccure theme for WordPress provided by dreamstechnologies. Any installation of the Doccure theme v1.5.0 or earlier is affected, including all WordPress sites that have not upgraded beyond version 1.5.0.", "description_and_impact": "The Doccure WordPress theme version 1.5.0 and earlier allows an unauthenticated user to reset any account password through a bypass of the theme\u2019s authorization checks, effectively granting full control of administrator accounts. This flaw arises from the plugin exposing user\u2011controlled access to the password\u2011change functionality without validating the requester\u2019s privileges, as identified by CWE\u2011639. An attacker exploiting this flaw can compromise user confidentiality, integrity, and availability by taking over privileged accounts.", "risk_and_exploitability": "The CVSS score of 9.8 indicates critical severity, while the EPSS score of less than 1% suggests a low exploitation likelihood at present; however the vulnerability is not yet cataloged in the CISA KEV. Attackers can exploit the flaw without authentication by sending a crafted request to the WordPress site, bypassing authorization checks to trigger a password change. The lack of required credentials makes this a highly scalable attack vector for compromising administrator accounts."}}}}, "created": "2025-09-09T21:31:55.905262+00:00", "updated": "2026-04-21T03:15:16.336351+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}