WofficeIO — Vulnerabilities & Security Advisories (11)

Browse all 11 CVE security advisories affecting WofficeIO. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WofficeIO is a WordPress project management and collaboration plugin with 11 documented CVEs. Its core function is to streamline team workflows through task management, file sharing, and communication tools. Historically, vulnerabilities have included stored cross-site scripting (XSS), arbitrary file uploads leading to remote code execution (RCE), and privilege escalation flaws. Security assessments reveal consistent issues with insufficient input validation and improper access controls. While no major public incidents have been widely reported, the pattern of vulnerabilities suggests potential for significant compromise if exploited. Regular updates and careful configuration remain critical for secure deployment.

Top products by WofficeIO: Woffice Core, Woffice

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-67918 | WordPress Woffice theme <= 5.4.30 - Cross Site Scripting (XSS) vulnerability — Woffice CWE-79 | 7.1 | High | 2026-01-08 |
| CVE-2025-67919 | WordPress Woffice Core plugin <= 5.4.30 - Insecure Direct Object References (IDOR) vulnerability — Woffice Core CWE-639 | 6.5 | Medium | 2026-01-08 |
| CVE-2025-67566 | WordPress Woffice Core plugin <= 5.4.30 - Broken Access Control vulnerability — Woffice Core CWE-862 | 5.3 | Medium | 2025-12-09 |
| CVE-2025-7694 | Woffice Core <= 5.4.26 - Authenticated (Contributor+) Arbitrary File Deletion — Woffice Core CWE-22 | 6.8 | Medium | 2025-08-02 |
| CVE-2025-2780 | Woffice Core <= 5.4.21 - Authenticated (Subscriber+) Arbitrary File Upload — Woffice Core CWE-434 | 8.8 | High | 2025-04-04 |
| CVE-2025-2797 | Woffice Core <= 5.4.21 - Cross-Site Request Forgery to User Registration Approval — Woffice Core CWE-352 | 5.4 | Medium | 2025-04-04 |
| CVE-2024-43234 | WordPress Woffice theme <= 5.4.14 - Unauthenticated Account Takeover vulnerability — Woffice CWE-288 | 9.8 | Critical | 2024-12-16 |
| CVE-2024-37470 | WordPress Woffice Core plugin <= 5.4.8 - Unauthenticated Broken Access Control vulnerability — Woffice Core CWE-862 | 8.2 | High | 2024-11-01 |
| CVE-2024-43153 | WordPress Woffice theme <= 5.4.10 - Unauthenticated Privilege Escalation vulnerability — Woffice CWE-266 | 9.8 | Critical | 2024-08-13 |
| CVE-2024-37471 | WordPress Woffice Core plugin <= 5.4.8 - Site Wide Reflected Cross Site Scripting (XSS) vulnerability — Woffice Core | 7.1 | High | 2024-07-04 |
| CVE-2024-37472 | WordPress Woffice theme <= 5.4.8 - Reflected Cross Site Scripting (XSS) vulnerability — Woffice CWE-79 | 7.1 | High | 2024-07-04 |

This page lists every published CVE security advisory associated with WofficeIO. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.