Product
xtendify woffice
9 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-7694
CVE-2025-2798
CVE-2025-2797
CVE-2025-2780
CVE-2024-43234
CVE-2024-37470
CVE-2024-43153
CVE-2024-37472
CVE-2024-37471
< 5.4.27
The Woffice Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wof
< 5.4.22
The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. This is d
< 5.4.22
The Woffice Core plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.4.21. Th
< 5.4.22
The Woffice Core plugin for WordPress, used by the Woffice Theme, is vulnerable to arbitrary file uploads due to missing file type
< 5.4.15
Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice allows Authentication Bypass.T
< 5.4.9
Missing Authorization vulnerability in WofficeIO Woffice Core allows Accessing Functionality Not Properly Constrained by ACLs.This
< 5.4.12
Incorrect Privilege Assignment vulnerability in WofficeIO Woffice woffice.This issue affects Woffice: from n/a through <= 5.4.10.
< 5.4.9
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WofficeIO Woffice woffice.Th
< 5.4.9
Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice Core allows Reflected XSS.This issue affects Woffice Core: from n/a