Droip

CVEs (2)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2025-5835	WordPress Droip	Hig	0.57	8.8	0.00		Jul 25, 2025	The Droip plugin for WordPress is vulnerable to unauthorized modification and access of data due to a missing capability check on the droip_post_apis() function in all versions up to, and including, 2.2.6. This makes it possible for authenticated attackers, with Subscriber-level…
CVE-2025-5831	WordPress Droip	Hig	0.57	8.8	0.01		Jul 25, 2025	The Droip plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the make_google_font_offline() function in all versions up to, and excluding, 2.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and…

CVE-2025-5835HigJul 25, 2025
WordPress
Droip
risk 0.57cvss 8.8epss 0.00
The Droip plugin for WordPress is vulnerable to unauthorized modification and access of data due to a missing capability check on the droip_post_apis() function in all versions up to, and including, 2.2.6. This makes it possible for authenticated attackers, with Subscriber-level…
CVE-2025-5831HigJul 25, 2025
WordPress
Droip
risk 0.57cvss 8.8epss 0.01
The Droip plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the make_google_font_offline() function in all versions up to, and excluding, 2.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and…