Woffice Security Vulnerabilities and Issues — Woffice CVE List

Lucene search

XtendifyWoffice

3 matches found

CVE•added 2024/07/04 7:15 p.m.•51 views

CVE-2024-37472

Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice allows Reflected XSS.This issue affects Woffice: from n/a through 5.4.8.

7.1CVSS6.3AI score0.00154EPSS

CVE•added 2024/07/04 7:15 p.m.•46 views

CVE-2024-37471

Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice Core allows Reflected XSS.This issue affects Woffice Core: from n/a through 5.4.8.

7.1CVSS6.3AI score0.0011EPSS

CVE•added 2025/08/02 4:15 a.m.•7 views

CVE-2025-7694

The Woffice Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the woffice_file_manager_delete() function in all versions up to, and including, 5.4.26. This makes it possible for authenticated attackers, with Contributor-level access and a...

7.5CVSS7.9AI score0.00283EPSS