Vulnerability in Dreamer Blog Theme for WordPress Allows Arbitrary Installations
CVE-2025-10915

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Dreamer Blog
Vendor: CVE Published:; 13 January 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-10915?

The Dreamer Blog WordPress theme, up to version 1.2, is exposed to a vulnerability that allows unauthorized users to perform arbitrary installations due to a missing capability check. This can lead to unauthorized access and potential exploitation, making it critical for users to ensure their theme is updated to avoid security breaches.

Affected Version(s)

Dreamer Blog 0 <= 1.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-10915 - Proof of Concept

References

https://wpscan.com/vulnerability/dab3a804-9027-4b4a-b61c-...

exploitvdb-entrytechnical-description

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jan 13, 2026
👾
Exploit known to exist
Jan 13, 2026
Vulnerability published
Jan 13, 2026
Vulnerability Reserved
Sep 24, 2025

Credit

Khaled Alenazi (Nxploited)

WPScan

CVE-2025-10915 Data

JSON