Vulnerability Information Summary

Vulnerability Description
Vulnerability name: Dreamer Blog <= 1.2 - Subscriber+ Arbitrary Plugin Installation
Description: The theme is vulnerable to arbitrary plugin installation due to a missing permission check.

Vulnerability Details
Type: NO AUTHORISATION
OWASP Top 10: A5: Broken Access Control
CWE: CWE-862 (Missing Authorization)
CVSS: 8.8 (High)

Affected Scope
Affected theme: Dreamer Blog
Fix status: No known fix at this time

Additional Information
Researcher: Khaled Alenazi (Nxploited)
Submitter: Khaled Alenazi (Nxploited)
Verified: Yes
WPVDB ID: dab3a804-9027-4b4a-b61c-61b562045bc4

Timeline
Publicly published: 2025-12-23
Added: 2025-12-23
Last updated: 2025-12-23

Other Related Vulnerabilities
2022-10-20: Simple SEO < 1.8.13 - Subscriber+ Sitemap Creation/Deletion
2025-09-22: WP User Frontend < 4.1.13 - Missing Authorization
2024-12-02: Filebird < 6.3.4 - Missing Authorization
2025-03-18: CozyStay < 1.7.1 - Missing Authorization to Arbitrary Action Execution in ajax_handler
2025-06-19: Giveaways and Contests by RafflePress < 1.12.19 - Missing Authorization