Browse all 3 CVE security advisories affecting wpo365. AI-powered Chinese analysis, POCs, and references for each vulnerability.
WPO365 serves as a security plugin for Microsoft 365 environments, enhancing protection against data breaches and compliance risks. Historically, vulnerabilities have included cross-site scripting (XSS), remote code execution (RCE), and privilege escalation flaws, often stemming from improper input validation and access control issues. The product has addressed three CVEs to date, with notable incidents involving insecure default configurations that could allow unauthorized access. WPO365's security posture emphasizes granular permission controls and encryption, though its effectiveness depends on proper implementation and ongoing maintenance. Organizations should prioritize regular updates and configuration reviews to mitigate potential risks associated with its deployment.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-1488 | WPO365 | MICROSOFT 365 GRAPH MAILER <= 3.2 - Open Redirect via 'redirect_to' Parameter — WPO365 | MICROSOFT 365 GRAPH MAILERCWE-601 | 4.7 | Medium | 2025-02-24 |
| CVE-2024-4706 | WordPress + Microsoft Office 365 / Azure AD | LOGIN <= 27.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via pintra Shortcode — WPO365 | SEAMLESS WORDPRESS + MICROSOFT INTEGRATION (WPO365 | LOGIN)CWE-79 | 6.4 | Medium | 2024-05-23 |
| CVE-2023-32119 | WordPress WPO365 | Mail Integration for Office 365 / Outlook Plugin <= 1.9.0 is vulnerable to Cross Site Scripting (XSS) — WPO365 | Mail Integration for Office 365 / OutlookCWE-79 | 5.8 | Medium | 2023-08-23 |
This page lists every published CVE security advisory associated with wpo365. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.