16 matches found
EUVD-2025-9684
Malicious code in bioql PyPI...
EUVD-2025-9683
Malicious code in bioql PyPI...
EUVD-2025-23419
Malicious code in bioql PyPI...
CVE-2025-7694
The Woffice Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wofficefilemanagerdelete function in all versions up to, and including, 5.4.26. This makes it possible for authenticated attackers, with Contributor-level access and abov...
PT-2025-31721 · WordPress · Woffice Core
Name of the Vulnerable Software and Affected Versions: Woffice Core plugin for WordPress versions prior to 5.4.27. Description: The Woffice Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the woffice file manager delete function. This...
CVE-2025-2797
The Woffice Core plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.4.21. This is due to missing or incorrect nonce validation on the 'woffice_handle_user_approval_actions' function. This makes it possible for unauthenticated attackers to approve...
CVE-2025-2780
The Woffice Core plugin for WordPress, used by the Woffice Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'saveFeaturedImage' function in all versions up to, and including, 5.4.21. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-2797
The Woffice Core plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.4.21. This is due to missing or incorrect nonce validation on the 'woffice_handle_user_approval_actions' function. This makes it possible for unauthenticated attackers to approve...
CVE-2025-2780
The Woffice Core plugin for WordPress, used by the Woffice Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'saveFeaturedImage' function in all versions up to, and including, 5.4.21. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-2780 Woffice Core <= 5.4.21 - Authenticated (Subscriber+) Arbitrary File Upload
The Woffice Core plugin for WordPress, used by the Woffice Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'saveFeaturedImage' function in all versions up to, and including, 5.4.21. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-2797
CVE-2025-2797 affects the Woffice Core WordPress plugin up to version 5.4.21. The issue is a CSRF vulnerability due to missing nonce validation in woffice_handle_user_approval_actions, allowing unauthenticated attackers to approve user registrations if an admin visits a forged link. CVSS 3.1 base...
PT-2025-14862 · WordPress · Woffice Core
Name of the Vulnerable Software and Affected Versions: Woffice Core plugin for WordPress versions up to and including 5.4.21. Description: The issue is due to missing or incorrect nonce validation on the woffice_handle_user_approval_actions function, making it possible for unauthenticated attacker...
PT-2025-14861 · WordPress · Woffice Core
Name of the Vulnerable Software and Affected Versions: Woffice Core plugin for WordPress versions up to, and including, 5.4.21. Description: The issue is related to arbitrary file uploads due to missing file type validation in the saveFeaturedImage function. This allows authenticated attackers, wi...
WordPress Woffice Core plugin <= 5.4.21 - Cross-Site Request Forgery to User Registration Approval vulnerability
Cross-Site Request Forgery to User Registration Approval vulnerability discovered by Foxyyy in WordPress Plugin Woffice Core versions <= 5.4.21...
WordPress Woffice Core plugin <= 5.4.21 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Foxyyy in WordPress Plugin Woffice Core versions <= 5.4.21...
WordPress Woffice Core Plugin <= 5.4.8 is vulnerable to Broken Access Control
Software: Woffice Core; Type: Plugin; Vulnerable versions: <= 5.4.8; Fixed in: 5.4.9; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-37470; Patch priority: High; CVSS severity: High 8.2; PSID: d7dfbe1583d4; Credits: Rafie Muhammad Patchstack...