ByteOS Network

Doccure Core

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-8900

Assigner-Wordfence

View Details

Assigner-Wordfence

CVSS Score-9.8||CRITICAL

EPSS-0.18% / 39.73%

7 Day CHG~0.00%

Published-03 Nov, 2025 | 14:26

Updated-08 Apr, 2026 | 16:50

Doccure Core < 1.5.4 - Unauthenticated Privilege Escalation

The Doccure Core plugin for WordPress is vulnerable to privilege escalation in versions up to, and excluding, 1.5.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'user_type' field. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.

Vendor-dreamstechnologies

Product-Doccure Core

CWE ID-CWE-269

Improper Privilege Management

CVE-2025-9113

Assigner-Wordfence

View Details

Assigner-Wordfence

CVSS Score-9.8||CRITICAL

EPSS-0.79% / 73.96%

7 Day CHG~0.00%

Published-08 Sep, 2025 | 18:23

Updated-08 Apr, 2026 | 18:25

Doccure Core <= 1.5.3 - Unauthenticated Arbitrary File Upload

The Doccure Core plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'doccure_temp_upload_to_media' function in all versions up to, and including, 1.5.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Vendor-dreamstechnologies

Product-Doccure Core

CWE ID-CWE-434

Unrestricted Upload of File with Dangerous Type