3 matches found
CVE-2025-7694 Woffice Core <= 5.4.26 - Authenticated (Contributor+) Arbitrary File Deletion
The Woffice Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wofficefilemanagerdelete function in all versions up to, and including, 5.4.26. This makes it possible for authenticated attackers, with Contributor-level access and abov...
CVE-2025-2780
CVE-2025-2780 affects the WordPress Woffice Core plugin (versions up to and including 5.4.21). The issue is an arbitrary file upload vulnerability caused by missing file type validation in the saveFeaturedImage function, enabling authenticated users with Subscriber-level access or higher to uploa...
WordPress plugin Woffice Core Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...