Description
The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.5.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts.
Published: 2025-09-08
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Account Takeover
Action: Immediate Patch
AI Analysis

Impact

The Doccure WordPress theme, in versions up to and including 1.5.0, lets an unauthenticated attacker change the password of any account. The theme's password-change functionality accepts a user-controlled identifier for the target account without verifying that the requester is authenticated or authorized for that account (CWE-639, Authorization Bypass Through User-Controlled Key). Changing an administrator's password hands the attacker full control of the site, so confidentiality, integrity and availability are all lost (CVSS 3.1 C:H/I:H/A:H).
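The following is an added illustration, written for this page, of the CWE-639 pattern the analysis describes and of how a WordPress password-change handler should be written instead. It is not the Doccure theme's code (the page does not show the affected source); the hook names, POST field names and `demo_*` function names are hypothetical, while the WordPress API calls (`add_action`, `check_ajax_referer`, `get_current_user_id`, `current_user_can`, `wp_check_password`, `wp_update_user`, `wp_set_password`, `wp_send_json_*`) are real.

```php
<?php
// Added illustration of CWE-639 in a WordPress password-change handler.
// NOT the Doccure theme's code; hook names, POST fields and demo_* function
// names are hypothetical and chosen for this example.

// ---- Vulnerable pattern ----------------------------------------------------
// The handler is reachable without a session (wp_ajax_nopriv_*) and takes the
// target account from the request, so the client chooses whose password is
// overwritten. No nonce, no capability check, no proof of the current
// password: user_id=1 is usually the first administrator.
add_action( 'wp_ajax_nopriv_demo_change_password', 'demo_change_password_vulnerable' );
add_action( 'wp_ajax_demo_change_password',        'demo_change_password_vulnerable' );

function demo_change_password_vulnerable() {
    $user_id  = isset( $_POST['user_id'] ) ? (int) $_POST['user_id'] : 0;            // user-controlled key
    $new_pass = isset( $_POST['new_password'] ) ? (string) $_POST['new_password'] : '';
    wp_set_password( $new_pass, $user_id );                                           // overwrites any account
    wp_send_json_success( 'Password changed' );
}

// ---- Hardened pattern ------------------------------------------------------
// Only the authenticated hook is registered, the request is bound to a nonce,
// the caller must prove the current password for their own account, and a
// client-supplied target id is honoured only if the caller may edit that
// specific user (the per-object authorization check CWE-639 is about).
add_action( 'wp_ajax_demo_change_password_safe', 'demo_change_password_safe' );

function demo_change_password_safe() {
    check_ajax_referer( 'demo_change_password', 'nonce' );   // dies on a missing/invalid nonce

    $caller_id = get_current_user_id();
    if ( 0 === $caller_id ) {
        wp_send_json_error( 'Authentication required', 401 );
    }

    // Default target is the caller; another id needs the edit_user meta capability for that id.
    $target_id = isset( $_POST['user_id'] ) ? (int) $_POST['user_id'] : $caller_id;
    if ( $target_id !== $caller_id && ! current_user_can( 'edit_user', $target_id ) ) {
        wp_send_json_error( 'Not allowed to change this user\'s password', 403 );
    }

    $current = isset( $_POST['current_password'] ) ? (string) $_POST['current_password'] : '';
    $new     = isset( $_POST['new_password'] ) ? (string) $_POST['new_password'] : '';
    $confirm = isset( $_POST['confirm_password'] ) ? (string) $_POST['confirm_password'] : '';

    if ( $target_id === $caller_id ) {
        $user = get_userdata( $caller_id );
        if ( ! $user || ! wp_check_password( $current, $user->user_pass, $caller_id ) ) {
            wp_send_json_error( 'Current password is incorrect', 403 );
        }
    }
    if ( strlen( $new ) < 12 || $new !== $confirm ) {
        wp_send_json_error( 'New password rejected', 400 );
    }

    // wp_update_user() hashes the new password and revokes the user's other sessions.
    $result = wp_update_user( array( 'ID' => $target_id, 'user_pass' => $new ) );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message(), 500 );
    }
    wp_send_json_success( 'Password changed' );
}

// The form posting to the safe handler must carry the matching nonce field:
//   wp_nonce_field( 'demo_change_password', 'nonce' );
```

The difference that matters for this CVE is where the target account comes from: in the first handler it is whatever the request says, in the second it is the session, and a request-supplied value is only accepted after a per-user capability check. Removing the `wp_ajax_nopriv_` registration alone would stop the unauthenticated case but still let any logged-in subscriber reset the administrator's password.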

Affected Systems

The flaw is in the Doccure theme for WordPress by dreamstechnologies. Every site running Doccure version 1.5.0 or earlier is affected. Note that the affected range was first published as versions up to and including 1.4.8 and was widened to 1.5.0 on 8 April 2026 (see History below), so a site that updated past 1.4.8 on the strength of the original advisory should re-check its installed version.
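Because the affected range moved after publication, a practitioner will want a repeatable way to check installed versions rather than trusting an earlier update. The added script below is not part of this page or of the Doccure theme; it reads the `Version:` header that WordPress keeps at the top of each theme's `style.css` (the same header `get_file_data()` parses) and flags a Doccure install at or below the version this page lists as affected. The directory argument and the `1.5.0` cut-off are inputs you supply; update the cut-off if the advisory changes again.

```php
<?php
// Added triage helper (not from the page or the Doccure theme).
// Usage: php find-doccure.php /var/www/html      (path is an example)
// Scans wp-content/themes/*/style.css under the given WordPress root and
// reports any Doccure theme whose header version is <= the affected cut-off.

function theme_header( string $style_css ): array {
    // WordPress reads the first 8 KB of style.css for the header block.
    $head   = (string) file_get_contents( $style_css, false, null, 0, 8192 );
    $fields = array( 'Theme Name', 'Version', 'Template', 'Author' );
    $out    = array();
    foreach ( $fields as $field ) {
        // Same shape as core's header regex: optional comment leaders, "Field:", value to end of line.
        if ( preg_match( '/^[ \t\/*#@]*' . preg_quote( $field, '/' ) . ':(.*)$/mi', $head, $m ) ) {
            $out[ $field ] = trim( $m[1] );
        }
    }
    return $out;
}

function is_affected_doccure( array $hdr, string $last_affected = '1.5.0' ): bool {
    if ( empty( $hdr['Theme Name'] ) || stripos( $hdr['Theme Name'], 'Doccure' ) === false ) {
        return false;
    }
    if ( ! empty( $hdr['Template'] ) ) {
        return false;   // child theme: its own Version is unrelated; the parent dir is checked separately
    }
    if ( empty( $hdr['Version'] ) ) {
        return true;    // no version header: treat as affected until verified by hand
    }
    return version_compare( $hdr['Version'], $last_affected, '<=' );
}

$root  = $argv[1] ?? '.';
$files = glob( rtrim( $root, '/' ) . '/wp-content/themes/*/style.css' ) ?: array();
foreach ( $files as $css ) {
    $hdr = theme_header( $css );
    if ( empty( $hdr['Theme Name'] ) ) {
        continue;       // not a theme header (e.g. stray CSS file)
    }
    $status = is_affected_doccure( $hdr ) ? 'AFFECTED (CVE-2025-9114, <= 1.5.0)' : 'ok';
    printf( "%-30s %-10s %s\n", $hdr['Theme Name'], $hdr['Version'] ?? '?', $status );
}
```

Run it against each document root (or loop over the roots of a multi-site host). A `Template:` header marks a child theme, whose version number says nothing about the parent; the parent Doccure directory is reported on its own line.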

Risk and Exploitability

The CVSS 3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) is critical: the attack is reachable over the network, needs no privileges or user interaction, and fully compromises the site. The EPSS score below 1% indicates a low observed likelihood of exploitation at present, and the vulnerability is not in the CISA KEV catalog; the SSVC assessment (Exploitation: none, Automatable: yes, Technical Impact: total) says the same thing, with the caveat that exploitation is automatable. An attacker needs only a crafted unauthenticated request that bypasses the theme's authorization check and triggers a password change for a chosen account, so once a working request is known the attack scales across every WordPress site running the theme.

Generated by OpenCVE AI on April 21, 2026 at 03:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Doccure to a release later than 1.5.0 as soon as the vendor publishes one. This page lists no vendor fix, and the affected range was widened from 1.4.8 to 1.5.0 in April 2026, so confirm the installed version against the current advisory rather than assuming an earlier update closed the issue.
  • Until a fixed release is installed, review the user list for unexpected administrator accounts and recent password changes. Resetting passwords before the fix does not help, since the attacker can reset them again; rotate all privileged credentials after patching, and enforce strong password policies.
  • Where possible, restrict the theme's password-change endpoint so it only accepts authenticated requests, or block unauthenticated POST requests to it with a Web Application Firewall rule. The page does not name the endpoint; identify it in the theme's source before writing the rule.



Advisories
Source: EUVD
ID: EUVD-2025-27170
Title: The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.4.8. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts.
History

Wed, 08 Apr 2026 17:45:00 +0000

Description
  Removed: The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.4.8. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts.
  Added: The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.5.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts.
Title
  Removed: Doccure <= 1.4.8 - Unauthenticated Arbitrary User Password Change
  Added: Doccure <= 1.5.0 - Unauthenticated Arbitrary User Password Change

Tue, 09 Sep 2025 21:45:00 +0000

First Time appeared
  Added: Wordpress; Wordpress wordpress
Vendors & Products
  Added: Wordpress; Wordpress wordpress

Mon, 08 Sep 2025 20:15:00 +0000

Metrics
  Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 08 Sep 2025 18:30:00 +0000

Description
  Added: The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.4.8. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts.
Title
  Added: Doccure <= 1.4.8 - Unauthenticated Arbitrary User Password Change
Weaknesses
  Added: CWE-639
References
  (none listed)
Metrics
  Added: cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:06:35.382Z

Reserved: 2025-08-18T09:06:53.080Z

Link: CVE-2025-9114

Vulnrichment

Updated: 2025-09-08T19:34:24.082Z

NVD

Status : Deferred

Published: 2025-09-08T19:15:38.007

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-9114

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-21T03:15:16Z

Weaknesses