Description
The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'doccure_temp_file_uploader' function in all versions up to, and including, 1.5.0. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Published: 2025-09-08
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The flaw in the Doccure WordPress theme arises from missing or deficient file type validation in the doccure_temp_file_uploader function. An attacker who is authenticated with a WordPress account that has at least subscriber-level privileges can supply arbitrary files, potentially including malicious scripts. Because the data is written to the site’s file system without proper restrictions, the attacker may trigger remote code execution or compromise site integrity.

Affected Systems

Dream Technologies’ Doccure WordPress theme, versions 1.5.0 and all earlier releases, used on WordPress sites.

Risk and Exploitability

The vulnerability carries a CVSS score of 8.8, rating it as High severity. The EPSS score indicates a very low probability of exploitation in the wild (< 1%). It is currently not listed in the CISA KEV catalog. As the flaw requires authenticated access with subscriber or higher permissions, the attack vector is likely limited to users who can log into the WordPress backend with sufficient privileges. Once inside, the attacker can upload arbitrary files, and if a file with executable code is placed in a web‑accessible location, remote code execution becomes feasible.

Generated by OpenCVE AI on April 22, 2026 at 14:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Doccure theme to a version newer than 1.5.0 that fixes the upload validation flaw.
  • If an update is not yet available, restrict file upload rights for subscriber-level accounts or any non‑administrator role until a patch can be applied.
  • Configure WordPress to permit only safe MIME types in the allowed file types list, and set the uploads directory so that executable files cannot run (via .htaccess or server configuration).
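What a WordPress AJAX upload handler looks like when it applies the capability restriction and MIME allowlist recommended above. This is an added example, not code from the Doccure theme or from OpenCVE; the action name `example_temp_upload`, the `nonce` and `file` field names, and the allowlist contents are hypothetical.

```php
<?php
// Added example with hypothetical names; not the Doccure theme's code.
// Logged-in users only: no wp_ajax_nopriv_ hook is registered.
add_action( 'wp_ajax_example_temp_upload', 'example_temp_upload' );

function example_temp_upload() {
    // Reject requests without a valid nonce (CSRF protection).
    check_ajax_referer( 'example_temp_upload', 'nonce' );

    // Subscribers lack 'upload_files' by default, so the lowest role is refused.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'Upload not permitted for this account.', 403 );
    }

    if ( empty( $_FILES['file'] ) || UPLOAD_ERR_OK !== $_FILES['file']['error'] ) {
        wp_send_json_error( 'No file received.', 400 );
    }

    // Allowlist of extension => MIME type; everything else is refused.
    $allowed = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'pdf'      => 'application/pdf',
    );

    // Check the extension and, where PHP can detect it, the real content type.
    $check = wp_check_filetype_and_ext(
        $_FILES['file']['tmp_name'],
        $_FILES['file']['name'],
        $allowed
    );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_send_json_error( 'File type not allowed.', 415 );
    }

    // Let WordPress move the file; it re-applies the allowlist and sanitizes the name.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $result = wp_handle_upload(
        $_FILES['file'],
        array( 'test_form' => false, 'mimes' => $allowed )
    );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 400 );
    }

    wp_send_json_success( array( 'url' => $result['url'] ) );
}
```

The handler covers only the validation side; blocking script execution in the uploads directory is a separate server-level control.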

Advisories
Source: EUVD
ID: EUVD-2025-27168
Title: The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'doccure_temp_file_uploader' function in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.

History

Wed, 08 Apr 2026 17:00:00 +0000

Description
  Values Removed: The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'doccure_temp_file_uploader' function in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.
  Values Added: The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'doccure_temp_file_uploader' function in all versions up to, and including, 1.5.0. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Title
  Values Removed: Doccure <= 1.4.8 - Authenticated (Subscriber+) Arbitrary File Upload
  Values Added: Doccure <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Upload

Tue, 09 Sep 2025 21:45:00 +0000

First Time appeared
  Values Added: Wordpress; Wordpress wordpress
Vendors & Products
  Values Added: Wordpress; Wordpress wordpress

Mon, 08 Sep 2025 20:15:00 +0000

Metrics
  Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 08 Sep 2025 18:30:00 +0000

Description
  Values Added: The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'doccure_temp_file_uploader' function in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Title
  Values Added: Doccure <= 1.4.8 - Authenticated (Subscriber+) Arbitrary File Upload
Weaknesses
  Values Added: CWE-434
References
Metrics
  Values Added: cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:44:37.656Z

Reserved: 2025-08-18T09:01:52.205Z

Link: CVE-2025-9112

Vulnrichment

Updated: 2025-09-08T19:34:37.431Z

NVD

Status: Deferred

Published: 2025-09-08T19:15:37.610

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-9112

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T14:30:18Z

Weaknesses