All 7 CVE vulnerabilities found in Woffice Core, with AI-generated Chinese analysis, references, and POCs.
Vendor: WofficeIO
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-67919 | WordPress Woffice Core plugin <= 5.4.30 - Insecure Direct Object References (IDOR) vulnerability CWE-639 | 6.5 | Medium | 2026-01-08 |
| CVE-2025-67566 | WordPress Woffice Core plugin <= 5.4.30 - Broken Access Control vulnerability CWE-862 | 5.3 | Medium | 2025-12-09 |
| CVE-2025-7694 | Woffice Core <= 5.4.26 - Authenticated (Contributor+) Arbitrary File Deletion CWE-22 | 6.8 | Medium | 2025-08-02 |
| CVE-2025-2780 | Woffice Core <= 5.4.21 - Authenticated (Subscriber+) Arbitrary File Upload CWE-434 | 8.8 | High | 2025-04-04 |
| CVE-2025-2797 | Woffice Core <= 5.4.21 - Cross-Site Request Forgery to User Registration Approval CWE-352 | 5.4 | Medium | 2025-04-04 |
| CVE-2024-37470 | WordPress Woffice Core plugin <= 5.4.8 - Unauthenticated Broken Access Control vulnerability CWE-862 | 8.2 | High | 2024-11-01 |
| CVE-2024-37471 | WordPress Woffice Core plugin <= 5.4.8 - Site Wide Reflected Cross Site Scripting (XSS) vulnerability | 7.1 | High | 2024-07-04 |
All 7 known CVE vulnerabilities affecting Woffice Core with full Chinese analysis, references, and POCs where available.