Droip Security Vulnerabilities and Issues — Droip CVE List

Lucene search

ThemeumDroip

4 matches found

CVE•added 2024/08/29 4:15 p.m.•44 views

CVE-2024-43955

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Droip allows File Manipulation.This issue affects Droip: from n/a through 1.1.1.

10CVSS8.6AI score0.0048EPSS

CVE•added 2024/08/29 4:15 p.m.•38 views

CVE-2024-43954

Incorrect Authorization vulnerability in Themeum Droip allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Droip: from n/a through 1.1.1.

6.3CVSS6.7AI score0.00098EPSS

CVE•added 2025/07/25 7:15 a.m.•9 views

CVE-2025-5831

The Droip plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the make_google_font_offline() function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload ar...

8.8CVSS7.2AI score0.00264EPSS

CVE•added 2025/07/25 7:15 a.m.•7 views

CVE-2025-5835

The Droip plugin for WordPress is vulnerable to unauthorized modification and access of data due to a missing capability check on the droip_post_apis() function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, t...

8.8CVSS6.1AI score0.00044EPSS