4 matches found
CVE-2024-43955
CVE-2024-43955: Droip (WordPress plugin)
CVE-2024-43954
CVE-2024-43954 corresponds to a Themeum Droip vulnerability in WordPress. Connected sources show an ACL/authorization bypass for Droip allowing access to constrained functionality, affecting Droip versions up to 1.1.1. The Wordfence data explicitly references an Unauthenticated Arbitrary File Del...
CVE-2025-5831
CVE-2025-5831 affects the Droip WordPress plugin. The vulnerability arises from missing file type validation in the make_google_font_offline() function, allowing authenticated users with Subscriber+ privileges to upload arbitrary files to the server (versions up to 2.2.0). This can potentially le...
CVE-2025-5835
CVE-2025-5835 concerns the Droip plugin for WordPress. The vulnerability arises from a missing capability check in the droip_post_apis() function across versions up to and including 2.2.0, enabling authenticated attackers with Subscriber-level access and above to trigger AJAX hooks and perform ac...