Doccure Core < 1.5.4 - Unauthenticated Privilege Escalation_CVE-2025-8900

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

The Doccure Core plugin for WordPress is vulnerable to privilege escalation in versions up to, and excluding, 1.5.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'user_type' field. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.

AI Analysis

Unauthenticated privilege escalation vulnerability in Doccure Core plugin for WordPress

Basic Information

ID CVE-2025-8900

Source Wordfence

Published Nov 3, 2025 at 14:26

Modified Nov 3, 2025 at 14:42

Affected Product

Vendor dreamstechnologies

Product Doccure Core

Version *

Affected Versions dreamstechnologies Doccure Core *

CWE Classification

CWE-269

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Dreamstechnologies

Product Doccure Core

Version < 1.5.4

References

{
    "lastseen": "",
    "description": "The Doccure Core plugin for WordPress is vulnerable to privilege escalation in versions up to, and excluding, 1.5.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'user_type' field. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.",
    "published": "2025-11-03T14:26:38.140Z",
    "modified": "2025-11-03T14:42:18.817Z",
    "type": "cve",
    "title": "Doccure Core < 1.5.4 - Unauthenticated Privilege Escalation",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/49e133c9-5d3b-4a2a-8385-e2db44baa217?source=cve\nhttps://themeforest.net/item/doccure-medical-wordpress-theme/34329202",
    "id": "CVE-2025-8900",
    "bulletinFamily": "",
    "cwe": [
        "CWE-269"
    ],
    "cvelist": null,
    "sourceData": "dreamstechnologies Doccure Core *",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Doccure Core",
    "version": "*",
    "vendor": "dreamstechnologies",
    "ai_description": "Unauthenticated privilege escalation vulnerability in Doccure Core plugin for WordPress",
    "ai_severity": "Critical",
    "ai_vendor": "Dreamstechnologies",
    "ai_product": "Doccure Core",
    "ai_version": "< 1.5.4",
    "ai_score": 9.8
}