ByteOS Network

CVE-2024-43234

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-9.8||CRITICAL

EPSS-0.30% / 52.57%

||

7 Day CHG+0.05%

Published-16 Dec, 2024 | 15:36

Updated-08 Aug, 2025 | 16:52

WordPress Woffice theme <= 5.4.14 - Unauthenticated Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice allows Authentication Bypass.This issue affects Woffice: from n/a through 5.4.14.

Vendor-xtendify WofficeIO

Product-woffice Woffice

CWE ID-CWE-288

Authentication Bypass Using an Alternate Path or Channel

CVE-2024-43153

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-9.8||CRITICAL

EPSS-0.32% / 54.14%

||

7 Day CHG~0.00%

Published-13 Aug, 2024 | 11:39

Updated-09 Aug, 2025 | 01:42

WordPress Woffice theme <= 5.4.10 - Unauthenticated Privilege Escalation vulnerability

Improper Privilege Management vulnerability in WofficeIO Woffice allows Privilege Escalation.This issue affects Woffice: from n/a through 5.4.10.

Vendor-xtendify WofficeIO

Product-woffice Woffice

CWE ID-CWE-269

Improper Privilege Management

CVE-2024-37472

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.15% / 36.68%

||

7 Day CHG~0.00%

Published-04 Jul, 2024 | 18:48

Updated-27 Mar, 2025 | 16:15

WordPress Woffice theme <= 5.4.8 - Reflected Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice allows Reflected XSS.This issue affects Woffice: from n/a through 5.4.8.

Vendor-xtendify WofficeIO

Product-woffice Woffice

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

N/A

Source -

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -