CVE-2025-67919

Authorization Bypass Through User-Controlled Key vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woffice Core: from n/a through = 5.4.30...

CVE-2025-67919 WordPress Woffice Core plugin <= 5.4.30 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woffice Core: from n/a through = 5.4.30...

CVE-2025-67919 WordPress Woffice Core plugin <= 5.4.30 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woffice Core: from n/a through = 5.4.30...

PT-2026-1896

Name of the Vulnerable Software and Affected Versions WofficeIO Woffice Core versions prior to 5.4.30 Description An authorization bypass exists due to incorrectly configured access control security levels. This allows exploitation through a user-controlled key. The issue affects the woffice-core...

WordPress plugin Woffice Core 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

CVE-2025-67566

Missing Authorization vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woffice Core: from n/a through = 5.4.30...

PT-2025-49940

Missing Authorization vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woffice Core: from n/a through = 5.4.30...

WordPress Woffice Core plugin <= 5.4.30 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Woffice Core versions = 5.4.30...

EUVD-2024-36689

Malicious code in bioql PyPI...

EUVD-2024-36688

Malicious code in bioql PyPI...

WordPress Woffice Core plugin <= 5.4.26 - Authenticated (Contributor+) Arbitrary File Deletion vulnerability

Authenticated Contributor+ Arbitrary File Deletion vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Woffice Core versions = 5.4.26...

CVE-2025-2780 Woffice Core <= 5.4.21 - Authenticated (Subscriber+) Arbitrary File Upload

The Woffice Core plugin for WordPress, used by the Woffice Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'saveFeaturedImage' function in all versions up to, and including, 5.4.21. This makes it possible for authenticated attackers, with Subscriber-level...

CVE-2025-2797 Woffice Core <= 5.4.21 - Cross-Site Request Forgery to User Registration Approval

The Woffice Core plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.4.21. This is due to missing or incorrect nonce validation on the 'wofficehandleuserapprovalactions' function. This makes it possible for unauthenticated attackers to approve...

CVE-2025-2797 Woffice Core <= 5.4.21 - Cross-Site Request Forgery to User Registration Approval

The Woffice Core plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.4.21. This is due to missing or incorrect nonce validation on the 'wofficehandleuserapprovalactions' function. This makes it possible for unauthenticated attackers to approve...

CVE-2024-37471

Cross Site Scripting XSS vulnerability in WofficeIO Woffice Core allows Reflected XSS.This issue affects Woffice Core: from n/a through 5.4.8...

CVE-2024-37470

Missing Authorization vulnerability in WofficeIO Woffice Core allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woffice Core: from n/a through 5.4.8...

CVE-2024-37470 WordPress Woffice Core plugin <= 5.4.8 - Unauthenticated Broken Access Control vulnerability

Missing Authorization vulnerability in WofficeIO Woffice Core allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woffice Core: from n/a through 5.4.8...

CVE-2024-37470 WordPress Woffice Core plugin <= 5.4.8 - Unauthenticated Broken Access Control vulnerability

Missing Authorization vulnerability in WofficeIO Woffice Core allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woffice Core: from n/a through 5.4.8...

CVE-2024-37470

CVE-2024-37470 describes a Missing Authorization vulnerability in Woffice Core (WordPress plugin) up to version 5.4.8. The issue allows accessing functionality not properly constrained by ACLs due to missing authorization checks, as documented in multiple sources. The impact is stated as high for...

CVE-2024-37471 WordPress Woffice Core plugin <= 5.4.8 - Site Wide Reflected Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability in WofficeIO Woffice Core allows Reflected XSS.This issue affects Woffice Core: from n/a through 5.4.8...