111 matches found
CVE-2025-67919
Authorization Bypass Through User-Controlled Key vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woffice Core: from n/a through = 5.4.30...
CVE-2025-67918
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WofficeIO Woffice woffice allows Reflected XSS.This issue affects Woffice: from n/a through = 5.4.30...
CVE-2025-67918
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WofficeIO Woffice woffice allows Reflected XSS.This issue affects Woffice: from n/a through = 5.4.30...
CVE-2025-67919
Authorization Bypass Through User-Controlled Key vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woffice Core: from n/a through = 5.4.30...
CVE-2025-67919
CVE-2025-67919 affects Woffice Core (WordPress theme) up to version 5.4.30. The issue is an unauthenticated insecure direct object reference leading to an authorization bypass via a user-controlled key, enabling access to restricted resources. Wordfence reports this as Woffice Core
CVE-2025-67919 WordPress Woffice Core plugin <= 5.4.30 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woffice Core: from n/a through = 5.4.30...
CVE-2025-67919 WordPress Woffice Core plugin <= 5.4.30 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woffice Core: from n/a through = 5.4.30...
CVE-2025-67918 WordPress Woffice theme <= 5.4.30 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WofficeIO Woffice woffice allows Reflected XSS.This issue affects Woffice: from n/a through = 5.4.30...
CVE-2025-67918 WordPress Woffice theme <= 5.4.30 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WofficeIO Woffice woffice allows Reflected XSS.This issue affects Woffice: from n/a through = 5.4.30...
WordPress plugin Woffice 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
PT-2026-1896
Name of the Vulnerable Software and Affected Versions WofficeIO Woffice Core versions prior to 5.4.30 Description An authorization bypass exists due to incorrectly configured access control security levels. This allows exploitation through a user-controlled key. The issue affects the woffice-core...
PT-2026-1895
Name of the Vulnerable Software and Affected Versions Woffice versions prior to 5.4.30 Description The software contains a flaw related to improper input handling during web page generation, which allows for Reflected Cross-site Scripting XSS. This means an attacker could potentially inject...
WordPress plugin Woffice Core 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
WordPress Woffice Core plugin <= 5.4.30 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Woffice Core versions = 5.4.30...
WordPress Woffice theme <= 5.4.30 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Woffice versions = 5.4.30...
CVE-2025-67566
Missing Authorization vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woffice Core: from n/a through = 5.4.30...
EUVD-2025-202080
Missing Authorization vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woffice Core: from n/a through = 5.4.30...
CVE-2025-67566
Missing Authorization vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woffice Core: from n/a through = 5.4.30...
CVE-2025-67566 WordPress Woffice Core plugin <= 5.4.30 - Broken Access Control vulnerability
Missing Authorization vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woffice Core: from n/a through = 5.4.30...
CVE-2025-67566
CVE-2025-67566 describes a Missing Authorization vulnerability in WordPress Woffice Core plugin (versions up to and including 5.4.30). The Red Hat and CVE list entries corroborate that Woffice Core