Wofficeio Woffice Core

7 CVEs affecting Wofficeio Woffice Core. Latest disclosed: 2026-01-08. Critical: 0, High: 3.

Top CVEs affecting Wofficeio Woffice Core
CVESeverityScorePublishedSummary
CVE-2025-2780High8.82025-04-04The Woffice Core plugin for WordPress, used by the Woffice Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'saveFeatu…
CVE-2024-37470High8.22024-11-01Missing Authorization vulnerability in WofficeIO Woffice Core allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woffice Core…
CVE-2024-37471High7.12024-07-04Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice Core allows Reflected XSS.This issue affects Woffice Core: from n/a through 5.4.8.
CVE-2025-7694Medium6.82025-08-02The Woffice Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the woffice_file_manager_delete() fu…
CVE-2025-67919Medium6.52026-01-08Authorization Bypass Through User-Controlled Key vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control S…
CVE-2025-2797Medium5.42025-04-04The Woffice Core plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.4.21. This is due to missing or incor…
CVE-2025-67566Medium5.32025-12-09Missing Authorization vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue a…