CVE-2025-2798

The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. This is due to a misconfiguration of excluded roles during registration. This makes it possible for unauthenticated attackers to register with an Administrator role if a custom login form is being used. This can be combined with CVE-2025-2797 to bypass the user approval process if an Administrator can be tricked into taking an action such as clicking a link.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://hub.woffice.io/woffice/changelog#april-1st-2025-version-5422	Release Notes
https://www.wordfence.com/threat-intel/vulnerabilities/id/6dd6169b-bc94-4642-8975-2e96bc01576f?source=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:xtendify:woffice:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2025-04-04 14:15

Updated : 2025-08-08 20:03

NVD link : CVE-2025-2798

Mitre link : CVE-2025-2798

CVE.ORG link : CVE-2025-2798

JSON object : View

Products Affected

xtendify

woffice

CWE

CWE-269

Improper Privilege Management

{"id": "CVE-2025-2798", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-04-04T14:15:22.293", "references": [{"url": "https://hub.woffice.io/woffice/changelog#april-1st-2025-version-5422", "tags": ["Release Notes"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6dd6169b-bc94-4642-8975-2e96bc01576f?source=cve", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. This is due to a misconfiguration of excluded roles during registration. This makes it possible for unauthenticated attackers to register with an Administrator role if a custom login form is being used. This can be combined with CVE-2025-2797 to bypass the user approval process if an Administrator can be tricked into taking an action such as clicking a link."}, {"lang": "es", "value": "El tema Woffice CRM para WordPress es vulnerable a la omisi\u00f3n de autenticaci\u00f3n en todas las versiones hasta la 5.4.21 incluida. Esto se debe a una configuraci\u00f3n incorrecta de los roles excluidos durante el registro. Esto permite que atacantes no autenticados se registren con un rol de administrador si se utiliza un formulario de inicio de sesi\u00f3n personalizado. Esto puede combinarse con CVE-2025-2797 para omitir el proceso de aprobaci\u00f3n de usuarios si se puede enga\u00f1ar a un administrador para que realice una acci\u00f3n como hacer clic en un enlace."}], "lastModified": "2025-08-08T20:03:09.930", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:xtendify:woffice:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "DF2CF954-7216-4D4A-9BB4-A4046F930A47", "versionEndExcluding": "5.4.22"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}