CVE-2024-43234 – WordPress Woffice theme <= 5.4.14 - Unauthenticated Account Takeover vulnerability
https://notcve.org/view.php?id=CVE-2024-43234
10 Dec 2024 — Authentication Bypass Using an Alternate Path or Channel vulnerability in Envato Security Team Woffice allows Authentication Bypass. This issue affects Woffice: from n/a through 5.4.14. Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice allows Authentication Bypass. This issue affects Woffice: from n/a through 5.4.14. The Woffice CRM theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.4.14. This makes i... • https://patchstack.com/database/wordpress/theme/woffice/vulnerability/wordpress-woffice-theme-5-4-14-unauthenticated-account-takeover-vulnerability?_s_id=cve • CWE-288: Authentication Bypass Using an Alternate Path or Channel • CWE-862: Missing Authorization
CVE-2024-43153 – WordPress Woffice theme <= 5.4.10 - Unauthenticated Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-43153
07 Aug 2024 — Improper Privilege Management vulnerability in WofficeIO Woffice allows Privilege Escalation. This issue affects Woffice: from n/a through 5.4.10. The Woffice CRM theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.4.10. This makes it possible for unauthenticated attackers to gain access to accounts with administrative level access. • https://patchstack.com/database/vulnerability/woffice/wordpress-woffice-theme-5-4-10-unauthenticated-privilege-escalation-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management
CVE-2024-37470 – WordPress Woffice Core plugin <= 5.4.8 - Unauthenticated Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-37470
01 Jul 2024 — Missing Authorization vulnerability in WofficeIO Woffice Core allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woffice Core: from n/a through 5.4.8. The Woffice Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 5.4.8. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/vulnerability/woffice-core/wordpress-woffice-core-plugin-5-4-8-unauthenticated-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization