CVE-2025-10915
BaseFortify
Publication date: 2026-01-13
Last updated on: 2026-01-13
Assigner: WPScan
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| unknown_vendor | dreamer_blog | up to 1.2 (excluding 1.2) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability lets low-privileged authenticated users install plugins because of a missing authorization check, which can lead to unauthorized access to or modification of data. That can put a site out of step with standards such as GDPR or HIPAA that require strict access controls and protection of sensitive data. The referenced resources do not detail specific compliance impacts. [1]
Can you explain this vulnerability to me?
CVE-2025-10915 is a vulnerability in the Dreamer Blog WordPress theme, version 1.2 and earlier. The theme exposes an AJAX handler that installs plugins but does not check whether the caller is allowed to install plugins (in WordPress terms, the `install_plugins` capability), so any authenticated user, down to the Subscriber role, can invoke it. An attacker sends a POST request to `wp-admin/admin-ajax.php` with `action=install_act_plugin_custom` and a `plugin` parameter naming a plugin on WordPress.org, and the theme installs that plugin. This is a broken access control (missing authorization) issue. [1]
How can this vulnerability impact me?
An attacker who holds any account on the site (Subscriber or above) can install any plugin published on WordPress.org. That puts attacker-chosen code on the server: an active plugin runs with the site's full privileges, and even an installed but inactive plugin leaves attacker-chosen PHP under `wp-content/plugins/`, where the web server will execute any file that can be requested directly. The likely outcomes are code execution, site takeover, data theft, and use of the site as a foothold for further attacks. Sites with open registration are most exposed, since the attacker can create the required account themselves. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Exploitation attempts are POST requests to `wp-admin/admin-ajax.php` whose `action` parameter is `install_act_plugin_custom`, with a `plugin` parameter naming the plugin to install. If the action is sent in the query string it shows up in ordinary web server access logs, for example: `grep -F 'POST /wp-admin/admin-ajax.php?action=install_act_plugin_custom' /path/to/access.log`. If the action is sent in the POST body instead, the access log only shows `POST /wp-admin/admin-ajax.php`, and you need a source that records request bodies (a WAF or ModSecurity audit log, or a WordPress security plugin's activity log) to see the action name. A hit on its own is not proof of abuse if the theme's own admin interface uses this action legitimately; the signal is requests from low-privilege accounts or from addresses with no administrator session. On the host, look for plugin directories that appeared without an administrator installing them, for example `ls -lt wp-content/plugins/`, or `wp plugin list --fields=name,status,version` with WP-CLI, and compare the result against your change records. [1]
What immediate steps should I take to mitigate this vulnerability?
No fixed version is listed, so the controls have to be applied around the theme. Do not block `wp-admin/admin-ajax.php` wholesale, since WordPress core and most plugins depend on it; instead block or restrict requests whose `action` is `install_act_plugin_custom` at the web server or WAF, or enforce the check the theme omits at the WordPress level with a must-use plugin that refuses that action for users without the `install_plugins` capability. Reduce the attacker's starting position: disable open registration (Settings > General, "Anyone can register", the `users_can_register` option) if you do not need it, and review existing low-privilege accounts. Keep monitoring plugin installations and the action name in request logs, and move to a fixed theme version as soon as one is published. [1]
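The following PHP is an added example, not code from the Dreamer Blog theme or from the page's referenced resources. Sections 1 and 2 reconstruct the shape of the defect and its fix under hypothetical names (`example_*`); the `install_act_plugin_custom` action name comes from this page, but the theme's real handler and parameter handling are not shown here. Section 3 is a drop-in must-use plugin that enforces the `install_plugins` capability for that action before the theme's handler can run; it assumes WordPress 4.7 or later (for `wp_doing_ajax()`) and that the file is placed in `wp-content/mu-plugins/`.

```php
<?php
/**
 * Plugin Name: Guard install_act_plugin_custom (example mitigation)
 * Description: Stopgap for CVE-2025-10915 until a fixed theme version ships.
 *              Example code added by this page's editor, not the theme's code.
 *
 * Sections 1 and 2 use hypothetical names (example_*) to show the defect and
 * its fix; section 3 is the guard. Place the file in wp-content/mu-plugins/
 * so it loads before any theme or plugin code.
 */

if ( ! defined( 'ABSPATH' ) ) {
	exit;
}

/* 1. The defective shape (hypothetical reconstruction). Every wp_ajax_* handler
 *    is reachable by any logged-in user through /wp-admin/admin-ajax.php, so a
 *    handler that installs a plugin without checking capabilities lets a
 *    Subscriber install arbitrary code from WordPress.org. Deliberately left
 *    unhooked here so this file never exposes it. */
function example_install_plugin_unchecked() {
	$slug = sanitize_key( wp_unslash( $_POST['plugin'] ?? '' ) );
	example_install_from_wordpress_org( $slug ); // no current_user_can(), no nonce
}

/* 2. The hardened shape: verify the nonce (CSRF) and the install_plugins
 *    capability (authorization) before any file-system work. These are the
 *    same two checks WordPress core performs for its own install-plugin action. */
add_action( 'wp_ajax_example_install_plugin', 'example_install_plugin_hardened' );
function example_install_plugin_hardened() {
	check_ajax_referer( 'example_install_plugin', 'nonce' );
	if ( ! current_user_can( 'install_plugins' ) ) {
		wp_send_json_error( array( 'message' => 'forbidden' ), 403 ); // exits
	}
	$slug = sanitize_key( wp_unslash( $_POST['plugin'] ?? '' ) );
	example_install_from_wordpress_org( $slug );
}

/* Shared helper (hypothetical name) built on core's Plugin_Upgrader. It only
 * installs; activation is a separate step and is never performed here. */
function example_install_from_wordpress_org( $slug ) {
	if ( '' === $slug ) {
		wp_send_json_error( array( 'message' => 'missing plugin slug' ), 400 );
	}
	require_once ABSPATH . 'wp-admin/includes/plugin-install.php';
	require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';

	$api = plugins_api(
		'plugin_information',
		array( 'slug' => $slug, 'fields' => array( 'sections' => false ) )
	);
	if ( is_wp_error( $api ) ) {
		wp_send_json_error( array( 'message' => $api->get_error_message() ), 404 );
	}
	$upgrader = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
	$result   = $upgrader->install( $api->download_link );
	if ( is_wp_error( $result ) || ! $result ) {
		wp_send_json_error( array( 'message' => 'install failed' ), 500 );
	}
	wp_send_json_success( array( 'slug' => $slug ) );
}

/* 3. Guard for the vulnerable theme. admin-ajax.php fires admin_init before
 *    the wp_ajax_{action} hook, so rejecting here means the theme's handler is
 *    never reached for a caller that lacks install_plugins, whichever hook the
 *    theme registered it on. Privileged callers pass through untouched. */
add_action( 'admin_init', 'example_guard_install_act_plugin_custom', 0 );
function example_guard_install_act_plugin_custom() {
	if ( ! wp_doing_ajax() ) {
		return;
	}
	$action = isset( $_REQUEST['action'] ) ? sanitize_key( wp_unslash( $_REQUEST['action'] ) ) : '';
	if ( 'install_act_plugin_custom' !== $action ) {
		return;
	}
	if ( ! current_user_can( 'install_plugins' ) ) {
		wp_send_json_error( array( 'message' => 'forbidden' ), 403 ); // exits
	}
}
```

The guard reads `$_REQUEST`, so it covers the action whether it arrives in the query string or the POST body, and it does not depend on knowing the theme's internal function name or hook priority. It is a stopgap only: remove it once a fixed theme version is installed, and keep watching request logs for the action name while it is in place.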