📦 Woffice

This vulnerability allows unauthenticated attackers to bypass authentication mechanisms in the Woffice WordPress theme, potentially gaining administrative access to affected WordPress sites. All WordP...

The Woffice Core plugin for WordPress has a vulnerability that allows authenticated users with Subscriber-level access or higher to upload arbitrary files due to missing file type validation. This can...

This vulnerability allows unauthenticated attackers to access functionality that should be restricted by proper authorization controls in the Woffice Core WordPress plugin. It affects all WordPress si...

This CVE describes a reflected cross-site scripting (XSS) vulnerability in the Woffice Core WordPress plugin. Attackers can inject malicious scripts via crafted URLs that execute when victims visit th...

The Woffice Core WordPress plugin allows authenticated attackers with Contributor-level access or higher to delete arbitrary server files due to insufficient path validation in the woffice_file_manage...