Woffice Security Vulnerabilities and Issues — Woffice CVE List

Lucene search

XtendifyWoffice

4 matches found

CVE•added 2024/08/13 12:15 p.m.•52 views

CVE-2024-43153

Improper Privilege Management vulnerability in WofficeIO Woffice allows Privilege Escalation.This issue affects Woffice: from n/a through 5.4.10.

9.8CVSS9.5AI score0.00317EPSS

CVE•added 2025/04/04 2:15 p.m.•51 views

CVE-2025-2798

The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. This is due to a misconfiguration of excluded roles during registration. This makes it possible for unauthenticated attackers to register with an Administrator role if a custom l...

9.8CVSS5.8AI score0.00409EPSS

CVE•added 2024/12/16 4:15 p.m.•36 views

CVE-2024-43234

Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice allows Authentication Bypass.This issue affects Woffice: from n/a through 5.4.14.

9.8CVSS9.6AI score0.00297EPSS

CVE•added 2024/11/01 3:15 p.m.•32 views

CVE-2024-37470

Missing Authorization vulnerability in WofficeIO Woffice Core allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woffice Core: from n/a through 5.4.8.

9.8CVSS8.3AI score0.00378EPSS