Description
The Doccure Core plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'doccure_temp_upload_to_media' function in all versions up to, and including, 1.5.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Published: 2025-09-08
Score: 9.8 Critical
EPSS: 1.1% Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is an arbitrary file upload flaw caused by missing file type validation in the Doccure Core plugin's doccure_temp_upload_to_media function. Unauthenticated attackers can upload any file to the site’s server, which can lead to remote code execution if the uploaded file is executed. This weakness is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type).

Affected Systems

The flaw affects the Dreamstechnologies Doccure Core WordPress plugin in all releases up to and including version 1.5.3. Any WordPress site that uses this plugin before updating to a newer version is vulnerable.

Risk and Exploitability

With a CVSS score of 9.8 the vulnerability is considered critical. The EPSS score of less than 1% indicates a low current exploitation probability, and the flaw is not listed in the CISA KEV catalog. Because the upload endpoint is unauthenticated, the attack vector is independent of user privileges and can be triggered from any online request, making the risk high for exposed sites that have the plugin installed.

Generated by OpenCVE AI on April 21, 2026 at 03:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Doccure Core to the latest version beyond 1.5.3 to apply the vendor‑fix.
  • If an update cannot be performed immediately, block the doccure_temp_upload_to_media endpoint with a web‑application firewall or server‑side rewrite rule to reject all file uploads.
  • Configure the web server to mark the upload directory as non‑executable to prevent any uploaded content from being run as code.

Generated by OpenCVE AI on April 21, 2026 at 03:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-27169 The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'doccure_temp_upload_to_media' function in all versions up to, and including, 1.4.8. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
History

Wed, 08 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
Description The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'doccure_temp_upload_to_media' function in all versions up to, and including, 1.4.8. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. The Doccure Core plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'doccure_temp_upload_to_media' function in all versions up to, and including, 1.5.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Title Doccure <= 1.4.8 - Unauthenticated Arbitrary File Upload Doccure Core <= 1.5.3 - Unauthenticated Arbitrary File Upload

Tue, 09 Sep 2025 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Wordpress
Wordpress wordpress
Vendors & Products Wordpress
Wordpress wordpress

Mon, 08 Sep 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 08 Sep 2025 18:30:00 +0000

Type Values Removed Values Added
Description The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'doccure_temp_upload_to_media' function in all versions up to, and including, 1.4.8. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Title Doccure <= 1.4.8 - Unauthenticated Arbitrary File Upload
Weaknesses CWE-434
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:00:14.032Z

Reserved: 2025-08-18T09:04:28.460Z

Link: CVE-2025-9113

cve-icon Vulnrichment

Updated: 2025-09-08T19:34:30.466Z

cve-icon NVD

Status : Deferred

Published: 2025-09-08T19:15:37.820

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-9113

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-21T03:15:16Z

Weaknesses