A critical vulnerability has been identified in The Dreamer Blog WordPress theme, rated with a CVSS score of 9.8. This flaw allows any unauthenticated attacker to install arbitrary plugins or themes onto a vulnerable website. Successful exploitation could lead to a complete compromise of the website, resulting in data theft, website defacement, or the server being used for further malicious activities.

The vulnerability exists because a function responsible for handling plugin or theme installations lacks a proper capability check. In a secure WordPress environment, such functions should first verify that the user making the request has the appropriate administrative permissions (e.g., install_plugins). Due to this missing check, an unauthenticated attacker can craft a specific request to the server that triggers the installation functionality, allowing them to upload and activate a malicious plugin or theme of their choice, leading to arbitrary code execution.

This vulnerability is of critical severity with a CVSS score of 9.8. Exploitation could have a devastating impact on the business, leading to a full system compromise. Potential consequences include the theft of sensitive company or customer data, significant reputational damage from website defacement, financial losses due to service disruption, and the use of the compromised server as a platform for launching further attacks against other targets. The ease of exploitation and the high potential for damage make this a significant and immediate risk to the organization.

Immediate Action: Immediately identify all websites using "The Dreamer Blog" WordPress theme and update it to the latest patched version as recommended by the vendor. After patching, review all installed plugins, themes, and user accounts for any unauthorized additions or modifications that may have occurred prior to remediation.

Proactive Monitoring: System administrators should actively monitor web server access logs for unusual POST requests to administrative endpoints (e.g., admin-ajax.php) from unexpected IP addresses. Implement file integrity monitoring to detect and alert on any unauthorized changes or additions to files within the wp-content/plugins/ and wp-content/themes/ directories. Monitor for unusual outbound network traffic from the web server, which could indicate a connection to an attacker's command-and-control server.

Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with rules specifically designed to block malicious requests targeting this vulnerability. Consider disabling all plugin and theme installations and modifications by adding define( 'DISALLOW_FILE_MODS', true ); to the wp-config.php file. Additionally, restrict access to the WordPress administrative dashboard (/wp-admin) to trusted IP addresses only.

Public Exploit Available: true

Given the critical CVSS score of 9.8 and the availability of public exploit code, this vulnerability represents an immediate and severe threat. We strongly recommend that all system owners immediately apply the vendor-supplied patch to all affected websites without delay. Although this CVE is not currently listed on the CISA KEV catalog, its critical nature makes it a prime candidate for future inclusion. A proactive hunt for indicators of compromise should also be initiated, as the vulnerability may have been exploited before this public disclosure.