Browse all 11 CVE security advisories affecting WofficeIO. AI-powered Chinese analysis, POCs, and references for each vulnerability.
WofficeIO is a WordPress project management and collaboration plugin with 11 documented CVEs. Its core function is to streamline team workflows through task management, file sharing, and communication tools. Historically, vulnerabilities have included stored cross-site scripting (XSS), arbitrary file uploads leading to remote code execution (RCE), and privilege escalation flaws. Security assessments reveal consistent issues with insufficient input validation and improper access controls. While no major public incidents have been widely reported, the pattern of vulnerabilities suggests potential for significant compromise if exploited. Regular updates and careful configuration remain critical for secure deployment.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-67918 | WordPress Woffice theme <= 5.4.30 - Cross Site Scripting (XSS) vulnerability — WofficeCWE-79 | 7.1 | High | 2026-01-08 |
| CVE-2024-43234 | WordPress Woffice theme <= 5.4.14 - Unauthenticated Account Takeover vulnerability — WofficeCWE-288 | 9.8 | Critical | 2024-12-16 |
| CVE-2024-43153 | WordPress Woffice theme <= 5.4.10 - Unauthenticated Privilege Escalation vulnerability — WofficeCWE-266 | 9.8 | Critical | 2024-08-13 |
| CVE-2024-37472 | WordPress Woffice theme <= 5.4.8 - Reflected Cross Site Scripting (XSS) vulnerability — WofficeCWE-79 | 7.1 | High | 2024-07-04 |
This page lists every published CVE security advisory associated with WofficeIO. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.