39 matches found
CVE-2025-8900
The Doccure Core plugin for WordPress is vulnerable to privilege escalation in versions up to, and excluding, 1.5.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'usertype' field. This makes it possible for unauthenticated attacke...
WordPress Doccure Core plugin < 1.5.4 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Alyudin Nafiie in WordPress Plugin Doccure Core versions 1.5.4...
EUVD-2025-37487
The Doccure Core plugin for WordPress is vulnerable to privilege escalation in versions up to, and excluding, 1.5.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'usertype' field. This makes it possible for unauthenticated attacke...
CVE-2025-8900
The Doccure Core plugin for WordPress is vulnerable to privilege escalation in versions up to, and excluding, 1.5.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'usertype' field. This makes it possible for unauthenticated attacke...
CVE-2025-8900
CVE-2025-8900 : The Doccure Core WordPress plugin is vulnerable to unauthenticated privilege escalation in versions up to but not including 1.5.4. The flaw allows users registering new accounts to set their own role (via the user_type field), enabling an unauthenticated attacker to create an admi...
CVE-2025-8900 Doccure Core < 1.5.4 - Unauthenticated Privilege Escalation
The Doccure Core plugin for WordPress is vulnerable to privilege escalation in versions up to, and excluding, 1.5.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'usertype' field. This makes it possible for unauthenticated attacke...
CVE-2025-8900 Doccure Core < 1.5.4 - Unauthenticated Privilege Escalation
The Doccure Core plugin for WordPress is vulnerable to privilege escalation in versions up to, and excluding, 1.5.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'usertype' field. This makes it possible for unauthenticated attacke...
WordPress plugin Doccure Core 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
PT-2025-44766
Name of the Vulnerable Software and Affected Versions Doccure Core plugin for WordPress versions prior to 1.5.4 Description The Doccure Core plugin for WordPress allows privilege escalation in versions prior to 1.5.4. This occurs because the plugin permits users creating new accounts to define...
EUVD-2025-27169
Malicious code in bioql PyPI...
EUVD-2025-27168
Malicious code in bioql PyPI...
EUVD-2025-27170
Malicious code in bioql PyPI...
CVE-2025-9114
The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.5.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticat...
CVE-2025-9112
The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'doccuretempfileuploader' function in all versions up to, and including, 1.5.0. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to...
CVE-2025-9113
The Doccure Core plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'doccuretempuploadtomedia' function in all versions up to, and including, 1.5.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
WordPress Doccure plugin <= 1.4.8 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by István Márton in WordPress Theme Doccure versions = 1.4.8...
WordPress Doccure plugin <= 1.4.8 - Unauthenticated Arbitrary User Password Change vulnerability
Unauthenticated Arbitrary User Password Change vulnerability discovered by István Márton in WordPress Theme Doccure versions = 1.4.8...
WordPress Doccure plugin <= 1.4.8 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by István Márton in WordPress Theme Doccure versions = 1.4.8...
CVE-2025-9114
The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.5.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticat...
CVE-2025-9113
The Doccure Core plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'doccuretempuploadtomedia' function in all versions up to, and including, 1.5.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...