CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32686 – WordPress Team Members <= 3.4.0 - PHP Object Injection Vulnerability
https://notcve.org/view.php?id=CVE-2025-32686
15 Apr 2025 — Deserialization of Untrusted Data vulnerability in WP Speedo Team Members allows Object Injection. This issue affects Team Members: from n/a through 3.4.0. The Team Members – Best WordPress Team Plugin with Team Slider, Team Showcase & Team Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.4 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No ... • https://patchstack.com/database/wordpress/plugin/wps-team/vulnerability/wordpress-team-members-3-4-0-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49748 – WordPress WPS Hide Login plugin <= 1.9.11 - Secret Login Page Location Disclosure on Multisites vulnerability
https://notcve.org/view.php?id=CVE-2023-49748
10 Jan 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPServeur, NicolasKulka, wpformation WPS Hide Login allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPS Hide Login: from n/a through 1.9.11. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en WPServeur, NicolasKulka, wpformation WPS Hide Login permite acceder a la funcionalidad no restringida adecuadamente por las ACL. Este problema afecta a WPS Hide Login: desde ... • https://patchstack.com/database/vulnerability/wps-hide-login/wordpress-wps-hide-login-plugin-1-9-11-secret-login-page-location-disclosure-on-multisites-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-693: Protection Mechanism Failure •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-40399
https://notcve.org/view.php?id=CVE-2021-40399
12 May 2022 — An exploitable use-after-free vulnerability exists in WPS Spreadsheets ( ET ) as part of WPS Office, version 11.2.0.10351. A specially-crafted XLS file can cause a use-after-free condition, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. Se presenta una vulnerabilidad explotable de uso de memoria previamente liberada en WPS Spreadsheets ( ET ) como parte de WPS Office, versión 11.2.0.10351. Un archivo XLS especialmente diseñado pu... • https://security.wps.cn/notices/28 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 25%CPEs: 1EXPL: 5CVE-2022-24934
https://notcve.org/view.php?id=CVE-2022-24934
23 Mar 2022 — wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry. El ejecutable wpsupdater.exe en Kingsoft WPS Office versiones hasta 11.2.0.10382, permite una ejecución de código remota mediante la modificación de HKEY_CURRENT_USER en el registro • https://github.com/webraybtl/CVE-2022-24934 •
CVSS: 8.1EPSS: 1%CPEs: 3EXPL: 0CVE-2014-2271
https://notcve.org/view.php?id=CVE-2014-2271
14 Jan 2020 — cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java code by leveraging a network position between the client and the registry to block HTTPS traffic. cn.wps.moffice.common.beans.print.CloudPrintWebView en Kingsoft Office versión 5.3.1, como es usado en los dispositivo... • http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-401529.htm • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2018-6390
https://notcve.org/view.php?id=CVE-2018-6390
29 Jan 2018 — The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 does not validate the size of the source memory block before an _copy call, which allows remote attackers to cause a denial of service (access violation and application crash) via a crafted (a) web page, (b) office document, or (c) .rtf file. La función WStr::assign en kso.dll en Kingsoft WPS Office 10.1.0.7106 y 10.2.0.5978 no valida el tamaño del bloque de memoria de origen antes de una llamada _copy. Esto permite que ... • https://github.com/Khwarezmia/WPS_POC/tree/master/wps_20180129 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2014-6692
https://notcve.org/view.php?id=CVE-2014-6692
23 Sep 2014 — The Kingsoft Clip (Office Tool) (aka cn.wps.clip) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. La aplicación Kingsoft Clip (Office Tool) 1.5.1 (también conocida como cn.wps.clip) para Android no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores y obtener información sensible a través... • http://www.kb.cert.org/vuls/id/453929 • CWE-310: Cryptographic Issues •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 0CVE-2005-2290
https://notcve.org/view.php?id=CVE-2005-2290
17 Jul 2005 — wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and (2) cat variables. wps_shop.cgi en WPS Web Portal System 0.7.0 permite que atacantes remotos ejecuten ordenes web de su elección mediante metacaracteres de 'shell' en la variable (1) "art" a (2) "cat". • http://marc.info/?l=bugtraq&m=112128870110418&w=2 •