23 matches found
CVE-2025-5835
The Droip plugin for WordPress is vulnerable to unauthorized modification and access of data due to a missing capability check on the droip_post_apis function in all versions up to, and including, 2.2.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-5831
The Droip plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the make_google_font_offline function in all versions up to, and excluding, 2.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload...
CVE-2025-5835
The Droip plugin for WordPress is vulnerable to unauthorized modification and access of data due to a missing capability check on the droip_post_apis function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-5831
The Droip plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the make_google_font_offline function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload...
CVE-2025-5831
The Droip plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the make_google_font_offline function in all versions up to, and excluding, 2.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload...
CVE-2025-5835 Droip <= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Many Actions
The Droip plugin for WordPress is vulnerable to unauthorized modification and access of data due to a missing capability check on the droip_post_apis function in all versions up to, and including, 2.2.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-5835
CVE-2025-5835 concerns the Droip plugin for WordPress. The vulnerability arises from a missing capability check in the droip_post_apis() function across versions up to and including 2.2.0, enabling authenticated attackers with Subscriber-level access and above to trigger AJAX hooks and perform ac...
CVE-2025-5835 Droip <= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Many Actions
The Droip plugin for WordPress is vulnerable to unauthorized modification and access of data due to a missing capability check on the droip_post_apis function in all versions up to, and including, 2.2.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-5831
CVE-2025-5831 affects the Droip WordPress plugin. The vulnerability arises from missing file type validation in the make_google_font_offline() function, allowing authenticated users with Subscriber+ privileges to upload arbitrary files to the server (versions up to 2.2.0). This can potentially le...
CVE-2025-5831 Droip < 2.5.2 - Authenticated (Subscriber+) Arbitrary File Upload
The Droip plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the make_google_font_offline function in all versions up to, and excluding, 2.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload...
CVE-2025-5831 Droip < 2.5.2 - Authenticated (Subscriber+) Arbitrary File Upload
The Droip plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the make_google_font_offline function in all versions up to, and excluding, 2.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload...
PT-2025-30734 · WordPress · Droip
Name of the Vulnerable Software and Affected Versions: Droip plugin for WordPress versions up to 2.2.0 Description: The Droip plugin for WordPress is susceptible to unauthorized modification and access of data due to a missing capability check on the droip post apis function. Authenticated...
WordPress plugin Droip security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress plugin Droip code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...
WordPress Droip plugin <= 2.2.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Foxyyy in WordPress Plugin Droip versions <= 2.2.6...
CVE-2024-43955 WordPress Droip plugin <= 1.1.1 - Unauthenticated Arbitrary File Download/Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Droip allows File Manipulation. This issue affects Droip: from n/a through 1.1.1...
CVE-2024-43955 WordPress Droip plugin <= 1.1.1 - Unauthenticated Arbitrary File Download/Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Droip allows File Manipulation. This issue affects Droip: from n/a through 1.1.1...
CVE-2024-43954 WordPress Droip plugin <= 1.1.1 - Subscriber+ Settings Change/Data Exposure Vulnerability
Incorrect Authorization vulnerability in Themeum Droip allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Droip: from n/a through 1.1.1...
WordPress plugin Droip security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress plugin Droip path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversa...