CVE-2025-67566 WordPress Woffice Core plugin <= 5.4.30 - Broken Access Control vulnerability

Missing Authorization vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woffice Core: from n/a through = 5.4.30...

CVE-2024-43234 WordPress Woffice theme <= 5.4.14 - Unauthenticated Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice woffice allows Authentication Bypass.This issue affects Woffice: from n/a through = 5.4.14...

CVE-2024-43234 WordPress Woffice theme <= 5.4.14 - Unauthenticated Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice woffice allows Authentication Bypass.This issue affects Woffice: from n/a through = 5.4.14...

CVE-2024-43234

The CVE-2024-43234 entry concerns WordPress Woffice theme versions through 5.4.14 that expose an Authentication Bypass Using an Alternate Path or Channel vulnerability. The root cause is an authentication bypass mechanism in Woffice that allows an unauthenticated user to take over accounts, with ...

WordPress Woffice Theme <= 5.4.8 is vulnerable to Cross Site Scripting (XSS)

Software Woffice Type Theme Vulnerable versions = 5.4.8 Fixed in 5.4.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37472 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 742e892a0fa2 Credits Rafie Muhammad Patchstack Required...

WordPress Woffice Core Plugin <= 5.4.8 is vulnerable to Broken Access Control

Software Woffice Core Type Plugin Vulnerable versions = 5.4.8 Fixed in 5.4.9 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37470 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID d7dfbe1583d4 Credits Rafie Muhammad Patchstack...

WordPress Woffice Core Plugin <= 5.4.8 is vulnerable to Cross Site Scripting (XSS)

Software Woffice Core Type Plugin Vulnerable versions = 5.4.8 Fixed in 5.4.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37471 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 88417011c3b0 Credits Rafie Muhammad Patchstack Required...