WPS Office
by WPS Office
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-31275 | Hig | 0.57 | 8.8 | 0.02 | Nov 27, 2023 | An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this… | ||
| CVE-2023-32548 | Hig | 0.53 | 8.1 | 0.01 | Jun 13, 2023 | OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data, an arbitrary OS command may be executed on the system where… | ||
| CVE-2024-35205 | Hig | 0.51 | 7.8 | 0.01 | May 14, 2024 | The WPS Office (aka cn.wps.moffice_eng) application before 17.0.0 for Android fails to properly sanitize file names before processing them through external application interactions, leading to a form of path traversal. This potentially enables any application to dispatch a… | ||
| CVE-2022-26081 | Hig | 0.51 | 7.8 | 0.01 | Mar 17, 2022 | The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer. | ||
| CVE-2022-25969 | Hig | 0.51 | 7.8 | 0.01 | Mar 17, 2022 | The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer. | ||
| CVE-2022-25943 | Hig | 0.51 | 7.8 | 0.01 | Mar 9, 2022 | The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed. | ||
| CVE-2024-57096 | Med | 0.36 | 5.5 | 0.00 | May 14, 2025 | An issue in wps office before v.19302 allows a local attacker to obtain sensitive information via a crafted file. |
- risk 0.57cvss 8.8epss 0.02
An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this…
- risk 0.53cvss 8.1epss 0.01
OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data, an arbitrary OS command may be executed on the system where…
- risk 0.51cvss 7.8epss 0.01
The WPS Office (aka cn.wps.moffice_eng) application before 17.0.0 for Android fails to properly sanitize file names before processing them through external application interactions, leading to a form of path traversal. This potentially enables any application to dispatch a…
- risk 0.51cvss 7.8epss 0.01
The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
- risk 0.51cvss 7.8epss 0.01
The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
- risk 0.51cvss 7.8epss 0.01
The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed.
- risk 0.36cvss 5.5epss 0.00
An issue in wps office before v.19302 allows a local attacker to obtain sensitive information via a crafted file.