- Description
- The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. This is due to a misconfiguration of excluded roles during registration. This makes it possible for unauthenticated attackers to register with an Administrator role if a custom login form is being used. This can be combined with CVE-2025-2797 to bypass the user approval process if an Administrator can be tricked into taking an action such as clicking a link.
- Source
- security@wordfence.com
- NVD status
- Received
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@wordfence.com
- CWE-269
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
CVE-2025-2798 The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. This is due to a misconfiguration of excluded r… https://t.co/0vC7TrlC3y
@CVEnew
5 Apr 2025
249 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-2798 CRITICAL (9.8) XTENDIFY - Woffice CRM * https://t.co/FTHUIp8VlX http://localhost/wp-content/themes/woffice/inc/classes/Woffice_Register.php#L405 https://t.co/FeMeMSusEW #CyberCron #VulnAlert #InfoSec https://t.co/mAWxt8fncs
@cybercronai
4 Apr 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-2798 - WordPress - HIGH Date published 2025-04-04 14:15:22 UTC #WordPress #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/uflTTgMVSn
@vulns_space
4 Apr 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes