Every CVE whose affected-product data names Themeum Droip, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2024-43955 — CVSS 10.0 (critical): Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Droip allows File Manipulation.This…
CVE-2025-5831 — CVSS 8.8 (high): The Droip plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the make_google_font_offline()…
CVE-2025-5835 — CVSS 8.8 (high): The Droip plugin for WordPress is vulnerable to unauthorized modification and access of data due to a missing capability check on the…
CVE-2024-43954 — CVSS 6.3 (medium): Incorrect Authorization vulnerability in Themeum Droip allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects…