Home

Description

The Dreamer Blog WordPress theme through 1.2 is vulnerable to arbitrary installations due to a missing capability check.

PUBLISHED Reserved 2025-09-24 | Published 2026-01-13 | Updated 2026-01-13 | Assigner WPScan

Problem types

CWE-862 Missing Authorization

Product status

Default status
affected

Any version
affected

Credits

Khaled Alenazi (Nxploited) finder

WPScan coordinator

References

wpscan.com/...rability/dab3a804-9027-4b4a-b61c-61b562045bc4/ exploit vdb-entry technical-description

cve.org (CVE-2025-10915)

nvd.nist.gov (CVE-2025-10915)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.