Every CVE whose affected-product data names Xtendify Woffice, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2024-43234 — CVSS 9.8 (critical): Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice woffice allows Authentication Bypass.This issue…
CVE-2025-2798 — CVSS 9.8 (critical): The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. This is due to a…
CVE-2024-43153 — CVSS 9.8 (critical): Incorrect Privilege Assignment vulnerability in WofficeIO Woffice woffice.This issue affects Woffice: from n/a through <= 5.4.10.
CVE-2025-2780 — CVSS 8.8 (high): The Woffice Core plugin for WordPress, used by the Woffice Theme, is vulnerable to arbitrary file uploads due to missing file type…
CVE-2024-37470 — CVSS 8.2 (high): Missing Authorization vulnerability in WofficeIO Woffice Core allows Accessing Functionality Not Properly Constrained by ACLs.This issue…
CVE-2024-37472 — CVSS 7.1 (high): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WofficeIO Woffice woffice.This issue…
CVE-2024-37471 — CVSS 7.1 (high): Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice Core allows Reflected XSS.This issue affects Woffice Core: from n/a through…
CVE-2025-7694 — CVSS 6.8 (medium): The Woffice Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the…
CVE-2025-2797 — CVSS 5.4 (medium): The Woffice Core plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.4.21. This is due…