
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Dec 2024 — Authentication Bypass Using an Alternate Path or Channel vulnerability in Envato Security Team Woffice allows Authentication Bypass. This issue affects Woffice: from n/a through 5.4.14. Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice allows Authentication Bypass. This issue affects Woffice: from n/a through 5.4.14. The Woffice CRM theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.4.14. This makes i... • https://patchstack.com/database/wordpress/theme/woffice/vulnerability/wordpress-woffice-theme-5-4-14-unauthenticated-account-takeover-vulnerability?_s_id=cve • CWE-288: Authentication Bypass Using an Alternate Path or Channel • CWE-862: Missing Authorization

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Aug 2024 — Improper Privilege Management vulnerability in WofficeIO Woffice allows Privilege Escalation. This issue affects Woffice: from n/a through 5.4.10. The Woffice CRM theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.4.10. This makes it possible for unauthenticated attackers to gain access to accounts with administrative level access. • https://patchstack.com/database/vulnerability/woffice/wordpress-woffice-theme-5-4-10-unauthenticated-privilege-escalation-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management

CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Jul 2024 — Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice Core allows Reflected XSS. This issue affects Woffice Core: from n/a through 5.4.8. The Woffice Core plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.4.8 due to insufficient input sanitization and output escaping. This makes it possible for ... • https://patchstack.com/database/vulnerability/woffice-core/wordpress-woffice-core-plugin-5-4-8-site-wide-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Jul 2024 — Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice allows Reflected XSS. This issue affects Woffice: from n/a through 5.4.8. The Woffice theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘[function_or_param]’ parameter in versions up to, and including, 5.4.8 due to insufficient input sanitization and output escaping. This makes it... • https://patchstack.com/database/vulnerability/woffice/wordpress-woffice-theme-5-4-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')