CVE-2025-2797

The Woffice Core plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.4.21. This is due to missing or incorrect nonce validation on the 'woffice_handle_user_approval_actions' function. This makes it possible for unauthenticated attackers to approv...