Security Links
The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. This is due to a misconfiguration of excluded roles during registration. This makes it possible for unauthenticated attackers to register with an Administrator role if a custom login form is being used. This can be combined with CVE-2025-2797 to bypass the user approval process if an Administrator can be tricked into taking an action such as clicking a link.

Strobes Blog

Check out the latest news & insights from cybersecurity world. Stay ahead in the digital realm with our latest blogs. Explore insightful updates, practical tips, and expert tricks on cybersecurity. Enhance your online security knowledge today!

Visit Website