4 matches found
CVE-2025-2798
The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. This is due to a misconfiguration of excluded roles during registration. This makes it possible for unauthenticated attackers to register with an Administrator role if a custom...
CVE-2025-2798
The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. This is due to a misconfiguration of excluded roles during registration. This makes it possible for unauthenticated attackers to register with an Administrator role if a custom...
CVE-2025-2798 Woffice <= 5.4.21 - Authentication Bypass via Registration Role
The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. This is due to a misconfiguration of excluded roles during registration. This makes it possible for unauthenticated attackers to register with an Administrator role if a custom...
PT-2025-14890 · WordPress · Woffice Crm Theme
Name of the Vulnerable Software and Affected Versions: Woffice CRM theme for WordPress versions up to, and including, 5.4.21 Description: The issue is due to a misconfiguration of excluded roles during registration, making it possible for unauthenticated attackers to register with an Administrato...