Unrated severityNVD Advisory· Published Apr 4, 2025· Updated Apr 8, 2026
Woffice <= 5.4.21 - Authentication Bypass via Registration Role
CVE-2025-2798
Description
The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. This is due to a misconfiguration of excluded roles during registration. This makes it possible for unauthenticated attackers to register with an Administrator role if a custom login form is being used. This can be combined with CVE-2025-2797 to bypass the user approval process if an Administrator can be tricked into taking an action such as clicking a link.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <=5.4.21
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.