- Description: The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. This is due to a misconfiguration of excluded roles during registration. This makes it possible for unauthenticated attackers to register with an Administrator role if a custom login form is being used. This can be combined with CVE-2025-2797 to bypass the user approval process if an Administrator can be tricked into taking an action such as clicking a link.
- Source: security@wordfence.com
- NVD status: Awaiting Analysis

CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- security@wordfence.com: CWE-269
- Hype score: Not currently trending

[CVE-2025-2798: CRITICAL] Vulnerability in Woffice CRM WordPress theme allows unauthenticated users to register with Administrator role due to misconfiguration, posing a security risk. #cybersecurity, #vulnerability https://t.co/eD14YwqYZ4 https://t.co/qUA8X9Ga8s
@CveFindCom
7 Apr 2025
CVE-2025-2798 The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. This is due to a misconfiguration of excluded r… https://t.co/0vC7TrlC3y
@CVEnew
5 Apr 2025
🚨 CVE-2025-2798 ⚠️🔴 CRITICAL (9.8) 🏢 XTENDIFY - Woffice CRM 🏗️ * 🔗 https://t.co/FTHUIp8VlX 🔗 http://localhost/wp-content/themes/woffice/inc/classes/Woffice_Register.php#L405 🔗 https://t.co/FeMeMSusEW #CyberCron #VulnAlert #InfoSec https://t.co/mAWxt8fncs
@cybercronai
4 Apr 2025
CVE-2025-2798 - WordPress - HIGH 🚨 🗓️ Date published 2025-04-04 14:15:22 UTC #WordPress #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/uflTTgMVSn
@vulns_space
4 Apr 2025