Wofficeio Woffice Core
7 CVEs affecting Wofficeio Woffice Core. Latest disclosed: 2026-01-08. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-2780 | High | 8.8 | 2025-04-04 | The Woffice Core plugin for WordPress, used by the Woffice Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'saveFeatu… |
CVE-2024-37470 | High | 8.2 | 2024-11-01 | Missing Authorization vulnerability in WofficeIO Woffice Core allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woffice Core… |
CVE-2024-37471 | High | 7.1 | 2024-07-04 | Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice Core allows Reflected XSS.This issue affects Woffice Core: from n/a through 5.4.8. |
CVE-2025-7694 | Medium | 6.8 | 2025-08-02 | The Woffice Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the woffice_file_manager_delete() fu… |
CVE-2025-67919 | Medium | 6.5 | 2026-01-08 | Authorization Bypass Through User-Controlled Key vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control S… |
CVE-2025-2797 | Medium | 5.4 | 2025-04-04 | The Woffice Core plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.4.21. This is due to missing or incor… |
CVE-2025-67566 | Medium | 5.3 | 2025-12-09 | Missing Authorization vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue a… |