{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-2798", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-03-25T18:00:21.111Z", "datePublished": "2025-04-04T13:44:36.480Z", "dateUpdated": "2026-04-08T16:59:32.879Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:59:32.879Z"}, "affected": [{"vendor": "XTENDIFY", "product": "Woffice CRM", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "5.4.21", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. This is due to a misconfiguration of excluded roles during registration. This makes it possible for unauthenticated attackers to register with an Administrator role if a custom login form is being used. This can be combined with CVE-2025-2797 to bypass the user approval process if an Administrator can be tricked into taking an action such as clicking a link."}], "title": "Woffice <= 5.4.21 - Authentication Bypass via Registration Role", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6dd6169b-bc94-4642-8975-2e96bc01576f?source=cve"}, {"url": "https://hub.woffice.io/woffice/changelog#april-1st-2025-version-5422"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-269 Improper Privilege Management", "cweId": "CWE-269", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "Friderika Baranyai"}], "timeline": [{"time": "2025-04-03T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-04T14:28:09.360093Z", "id": "CVE-2025-2798", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-04T14:45:49.471Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2798", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-04T14:28:09.360093Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-04T14:28:11.204Z"}}], "cna": {"title": "Woffice <= 5.4.21 - Authentication Bypass via Registration Role", "credits": [{"lang": "en", "type": "finder", "value": "Friderika Baranyai"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "XTENDIFY", "product": "Woffice CRM", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "5.4.21"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-04-03T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6dd6169b-bc94-4642-8975-2e96bc01576f?source=cve"}, {"url": "https://hub.woffice.io/woffice/changelog#april-1st-2025-version-5422"}], "descriptions": [{"lang": "en", "value": "The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. This is due to a misconfiguration of excluded roles during registration. This makes it possible for unauthenticated attackers to register with an Administrator role if a custom login form is being used. This can be combined with CVE-2025-2797 to bypass the user approval process if an Administrator can be tricked into taking an action such as clicking a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:59:32.879Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2798", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:59:32.879Z", "dateReserved": "2025-03-25T18:00:21.111Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-04-04T13:44:36.480Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xtendify:woffice:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "DF2CF954-7216-4D4A-9BB4-A4046F930A47", "versionEndExcluding": "5.4.22", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. This is due to a misconfiguration of excluded roles during registration. This makes it possible for unauthenticated attackers to register with an Administrator role if a custom login form is being used. This can be combined with CVE-2025-2797 to bypass the user approval process if an Administrator can be tricked into taking an action such as clicking a link."}, {"lang": "es", "value": "El tema Woffice CRM para WordPress es vulnerable a la omisi\u00f3n de autenticaci\u00f3n en todas las versiones hasta la 5.4.21 incluida. Esto se debe a una configuraci\u00f3n incorrecta de los roles excluidos durante el registro. Esto permite que atacantes no autenticados se registren con un rol de administrador si se utiliza un formulario de inicio de sesi\u00f3n personalizado. Esto puede combinarse con CVE-2025-2797 para omitir el proceso de aprobaci\u00f3n de usuarios si se puede enga\u00f1ar a un administrador para que realice una acci\u00f3n como hacer clic en un enlace."}], "id": "CVE-2025-2798", "lastModified": "2025-08-08T20:03:09.930", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-04-04T14:15:22.293", "references": [{"source": "security@wordfence.com", "tags": ["Release Notes"], "url": "https://hub.woffice.io/woffice/changelog#april-1st-2025-version-5422"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6dd6169b-bc94-4642-8975-2e96bc01576f?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T21:27:52.164136+00:00", "value": {"mitigation_remediation": ["Apply the advertised patch by upgrading Woffice to 5.4.22 or later, as referenced in the changelog.", "If an upgrade is not immediately feasible, reconfigure the registration process to exclude the Administrator role by editing the theme settings or applying a role\u2011restriction plugin so that new users cannot be created with elevated permissions.", "Perform an audit of all existing user accounts, identify any Administrator accounts that may have been created through the vulnerability, and either re\u2011assign or delete those accounts to limit the risk of unauthorized control."], "summary": {"action": "Immediate Patch", "impact": "Authentication Bypass"}, "threat_synthesis": {"affected_systems": "The issue affects the XTENDIFY Woffice CRM theme for WordPress. All releases from the earliest through 5.4.21 are vulnerable; users running any of those versions should review and upgrade.", "description_and_impact": "The vulnerability stems from a misconfigured exclusion list that permits new registrations to receive an Administrator role, allowing unauthenticated users to create accounts with full administrative privileges through a custom login form. The flaw represents a classic authentication bypass (CWE\u2011269) that elevates privilege without legitimate approval.", "risk_and_exploitability": "The CVSS score of 9.8 signals a critical weakness. The EPSS score of 1% indicates a small but non\u2011negligible chance of exploitation. Although not listed in the CISA KEV catalog, the ability to create administrator accounts from the front\u2011end and combine with a second flaw (CVE\u20112025\u20112797) makes it an attractive target. Access requires an unauthenticated web request to the registration endpoint, and the attacker needs a custom login form to trigger the bypass."}}}}, "created": "2026-04-21T21:30:45.748264+00:00", "updated": "2026-04-21T21:30:45.748275+00:00", "vendors": []}