Lucene search
K

39 matches found

RedhatCVE
RedhatCVE
added 2025/11/04 4:21 p.m.5 views

CVE-2025-8900

The Doccure Core plugin for WordPress is vulnerable to privilege escalation in versions up to, and excluding, 1.5.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'usertype' field. This makes it possible for unauthenticated attacke...

9.8CVSS6.5AI score0.00361EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/11/03 10:38 p.m.9 views

WordPress Doccure Core plugin < 1.5.4 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Alyudin Nafiie in WordPress Plugin Doccure Core versions 1.5.4...

9.8CVSS6.7AI score0.00361EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/11/03 3:30 p.m.7 views

EUVD-2025-37487

The Doccure Core plugin for WordPress is vulnerable to privilege escalation in versions up to, and excluding, 1.5.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'usertype' field. This makes it possible for unauthenticated attacke...

9.8CVSS6.1AI score0.00361EPSS
Exploits0References3
NVD
NVD
added 2025/11/03 3:15 p.m.3 views

CVE-2025-8900

The Doccure Core plugin for WordPress is vulnerable to privilege escalation in versions up to, and excluding, 1.5.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'usertype' field. This makes it possible for unauthenticated attacke...

9.8CVSS0.00361EPSS
Exploits0References2
CVE
CVE
added 2025/11/03 2:26 p.m.19 views

CVE-2025-8900

CVE-2025-8900 : The Doccure Core WordPress plugin is vulnerable to unauthenticated privilege escalation in versions up to but not including 1.5.4. The flaw allows users registering new accounts to set their own role (via the user_type field), enabling an unauthenticated attacker to create an admi...

9.8CVSS6.2AI score0.00361EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/03 2:26 p.m.8 views

CVE-2025-8900 Doccure Core < 1.5.4 - Unauthenticated Privilege Escalation

The Doccure Core plugin for WordPress is vulnerable to privilege escalation in versions up to, and excluding, 1.5.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'usertype' field. This makes it possible for unauthenticated attacke...

9.8CVSS0.00361EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/03 2:26 p.m.4 views

CVE-2025-8900 Doccure Core < 1.5.4 - Unauthenticated Privilege Escalation

The Doccure Core plugin for WordPress is vulnerable to privilege escalation in versions up to, and excluding, 1.5.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'usertype' field. This makes it possible for unauthenticated attacke...

9.8CVSS6.2AI score0.00361EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/03 12:0 a.m.5 views

WordPress plugin Doccure Core 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

9.8CVSS6.5AI score0.00361EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/03 12:0 a.m.7 views

PT-2025-44766

Name of the Vulnerable Software and Affected Versions Doccure Core plugin for WordPress versions prior to 1.5.4 Description The Doccure Core plugin for WordPress allows privilege escalation in versions prior to 1.5.4. This occurs because the plugin permits users creating new accounts to define...

9.8CVSS6.9AI score0.00361EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-27169

Malicious code in bioql PyPI...

9.8CVSS6.4AI score0.00574EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-27168

Malicious code in bioql PyPI...

8.8CVSS6.4AI score0.00538EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-27170

Malicious code in bioql PyPI...

9.8CVSS6.4AI score0.0037EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/10 7:18 p.m.7 views

CVE-2025-9114

The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.5.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticat...

9.8CVSS5.9AI score0.0037EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/10 7:18 p.m.5 views

CVE-2025-9112

The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'doccuretempfileuploader' function in all versions up to, and including, 1.5.0. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to...

8.8CVSS6.6AI score0.00538EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/10 7:18 p.m.3 views

CVE-2025-9113

The Doccure Core plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'doccuretempuploadtomedia' function in all versions up to, and including, 1.5.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

9.8CVSS6.6AI score0.00574EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/09/08 10:33 p.m.4 views

WordPress Doccure plugin <= 1.4.8 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by István Márton in WordPress Theme Doccure versions = 1.4.8...

8.8CVSS7AI score0.00538EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/09/08 10:27 p.m.9 views

WordPress Doccure plugin <= 1.4.8 - Unauthenticated Arbitrary User Password Change vulnerability

Unauthenticated Arbitrary User Password Change vulnerability discovered by István Márton in WordPress Theme Doccure versions = 1.4.8...

9.8CVSS7AI score0.0037EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/09/08 10:25 p.m.6 views

WordPress Doccure plugin <= 1.4.8 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by István Márton in WordPress Theme Doccure versions = 1.4.8...

9.8CVSS7AI score0.00574EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/09/08 7:15 p.m.8 views

CVE-2025-9114

The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.5.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticat...

9.8CVSS0.0037EPSS
Exploits0References2
NVD
NVD
added 2025/09/08 7:15 p.m.4 views

CVE-2025-9113

The Doccure Core plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'doccuretempuploadtomedia' function in all versions up to, and including, 1.5.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

9.8CVSS0.00574EPSS
Exploits0References2
Rows per page
Query Builder