VYPR
Critical severity9.8NVD Advisory· Published Sep 8, 2025· Updated Apr 15, 2026

CVE-2025-9114

CVE-2025-9114

Description

The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.5.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts.

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.

CVE-2025-9114 · Critical · VYPR