{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-7694", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-07-15T20:01:09.691Z", "datePublished": "2025-08-02T03:28:18.889Z", "dateUpdated": "2026-04-08T16:48:45.085Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:48:45.085Z"}, "affected": [{"vendor": "WofficeIO", "product": "Woffice Core", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "5.4.26", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Woffice Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the woffice_file_manager_delete() function in all versions up to, and including, 5.4.26. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)."}], "title": "Woffice Core <= 5.4.26 - Authenticated (Contributor+) Arbitrary File Deletion", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/41a362cf-e27e-436a-85f1-7c48e2e098eb?source=cve"}, {"url": "https://hub.woffice.io/woffice/changelog"}, {"url": "https://themeforest.net/item/woffice-intranetextranet-wordpress-theme/11671924"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H", "baseScore": 6.8, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc)"}], "timeline": [{"time": "2025-07-24T13:24:07.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-08-01T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-04T15:19:11.512803Z", "id": "CVE-2025-7694", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-04T15:19:17.956Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-7694", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-08-04T15:19:11.512803Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-04T15:19:14.912Z"}}], "cna": {"title": "Woffice Core <= 5.4.26 - Authenticated (Contributor+) Arbitrary File Deletion", "credits": [{"lang": "en", "type": "finder", "value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc)"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H"}}], "affected": [{"vendor": "WofficeIO", "product": "Woffice Core", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "5.4.26"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-07-24T13:24:07.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-08-01T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/41a362cf-e27e-436a-85f1-7c48e2e098eb?source=cve"}, {"url": "https://hub.woffice.io/woffice/changelog"}, {"url": "https://themeforest.net/item/woffice-intranetextranet-wordpress-theme/11671924"}], "descriptions": [{"lang": "en", "value": "The Woffice Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the woffice_file_manager_delete() function in all versions up to, and including, 5.4.26. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:48:45.085Z"}}}, "cveMetadata": {"cveId": "CVE-2025-7694", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:48:45.085Z", "dateReserved": "2025-07-15T20:01:09.691Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-08-02T03:28:18.889Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xtendify:woffice:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "74AFE45B-BBBD-4759-9EFF-97255AAD51D3", "versionEndExcluding": "5.4.27", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Woffice Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the woffice_file_manager_delete() function in all versions up to, and including, 5.4.26. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)."}, {"lang": "es", "value": "El complemento Woffice Core para WordPress es vulnerable a la eliminaci\u00f3n arbitraria de archivos debido a una validaci\u00f3n insuficiente de la ruta de archivo en la funci\u00f3n woffice_file_manager_delete() en todas las versiones hasta la 5.4.26 incluida. Esto permite que atacantes autenticados, con acceso de Colaborador o superior, eliminen archivos arbitrarios en el servidor, lo que puede provocar f\u00e1cilmente la ejecuci\u00f3n remota de c\u00f3digo al eliminar el archivo correcto (como wp-config.php)."}], "id": "CVE-2025-7694", "lastModified": "2025-08-12T17:49:17.087", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "security@wordfence.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-08-02T04:15:37.300", "references": [{"source": "security@wordfence.com", "tags": ["Release Notes"], "url": "https://hub.woffice.io/woffice/changelog"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://themeforest.net/item/woffice-intranetextranet-wordpress-theme/11671924"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/41a362cf-e27e-436a-85f1-7c48e2e098eb?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T03:45:00.365113+00:00", "value": {"mitigation_remediation": ["Upgrade the Woffice Core plugin to the latest version (5.4.27 or later) where the file path validation is fixed.", "Restrict file system permissions for the WordPress upload and plugin directories to prevent deletion by non\u2011administrative users.", "If an immediate update is unavailable, disable or remove the file manager feature for all users below administrator level until the patch is applied.", "Verify that contributors cannot reach the file management endpoint by adjusting the plugin settings or applying an access\u2011control plugin."], "summary": {"action": "Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The flaw affects all installations of the Woffice Core plugin for WordPress up to and including version 5.4.26. The affected product is the Woffice Core plugin from WofficeIO, deployed on WordPress sites. No other products or versions are listed.", "description_and_impact": "The vulnerability exists in the woffice_file_manager_delete() function of the Woffice Core WordPress plugin. Insufficient validation of the file path allows an authenticated user with Contributor-level access or higher to specify arbitrary paths, causing the plugin to delete the target file. This can result in deletion of critical WordPress files, such as wp\u2011config.php, thereby enabling remote code execution. The flaw is a classic path traversal issue identified as CWE\u201122.", "risk_and_exploitability": "The CVSS score of 6.8 denotes a medium severity vulnerability, while the EPSS score of less than 1% indicates low perceived likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Attackers must be authenticated with at least Contributor privileges, so the attack vector is local. Given the potential for deleting core configuration files, successful exploitation could lead to remote code execution if the attacker removes wp-config.php or similar files. However, the probabilistic exploitation likelihood remains low at present."}}}}, "created": "2025-08-04T08:49:32.501052+00:00", "updated": "2026-04-21T03:45:27.387510+00:00", "vendors": ["wofficeio", "wofficeio$PRODUCT$woffice_core", "wordpress", "wordpress$PRODUCT$wordpress"]}