WordPress Dreamer Blog theme <= 1.2 - Subscriber+ Arbitrary Plugin Installation vulnerability

Subscriber+ Arbitrary Plugin Installation vulnerability discovered by Khaled Alenazi Nxploited in WordPress Theme Dreamer Blog versions = 1.2...

CVE-2025-10915

The Dreamer Blog WordPress theme through 1.2 is vulnerable to arbitrary installations due to a missing capability check...

CVE-2025-10915

The Dreamer Blog WordPress theme through 1.2 is vulnerable to arbitrary installations due to a missing capability check...

CVE-2025-10915

The Dreamer Blog WordPress theme (≤ 1.2) is reported to be vulnerable to arbitrary plugin installations due to a missing capability check. The CVE entry CVE-2025-10915 maps to this issue. Wordfence notes indicate the Dreamer Blog vulnerability is still unpatched, highlighting a risk of unauthoriz...

CVE-2025-10915 Dreamer Blog <= 1.2 - Subscriber+ Arbitrary Plugin Installation

The Dreamer Blog WordPress theme through 1.2 is vulnerable to arbitrary installations due to a missing capability check...

CVE-2025-10915 Dreamer Blog <= 1.2 - Subscriber+ Arbitrary Plugin Installation

The Dreamer Blog WordPress theme through 1.2 is vulnerable to arbitrary installations due to a missing capability check...

WordPress plugin Dreamer Blog 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

PT-2026-2349

The Dreamer Blog WordPress theme through 1.2 is vulnerable to arbitrary installations due to a missing capability check...

CVE-2023-43856

Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java...

CVE-2023-43857

Dreamer CMS v4.1.3 was discovered to contain a stored cross-site scripting XSS vulnerability via the component /admin/u/toIndex...

CVE-2023-45904

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery CSRF via the component /variable/update...

CVE-2023-45905

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery CSRF via the component /admin/variable/add...

CVE-2023-45901

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery CSRF via the component /admin/category/add...

CVE-2023-45903

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery CSRF via the component /admin/label/delete...

CVE-2023-4743

A vulnerability was found in Dreamer CMS up to 4.1.3. It has been classified as problematic. Affected is an unknown function of the file /upload/ueditorConfig?action=config. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The complexity of ...

CVE-2025-1548

A vulnerability was found in iteachyou Dreamer CMS 4.1.3. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/archives/edit. The manipulation of the argument editorValue/answer/content leads to cross site scripting. The attack can be initiated remotely...

CVE-2025-1543

A vulnerability, which was classified as problematic, has been found in iteachyou Dreamer CMS 4.1.3. This issue affects some unknown processing of the file /resource/js/ueditor-1.4.3.3. The manipulation leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed ...

CVE-2024-2354

A vulnerability, which was classified as problematic, was found in Dreamer CMS 4.1.3. Affected is an unknown function of the file /admin/menu/toEdit. The manipulation of the argument id leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclos...

EUVD-2023-50164

Malicious code in bioql PyPI...

EUVD-2023-30872

Malicious code in bioql PyPI...