VYPR
Vendor

Wondershare

Products
16
CVEs
35
Across products
37
Status
Private

Products

16

Recent CVEs

35
View all 35 CVEs →
  • CVE-2021-44596CriApr 29, 2022
    risk 0.69cvss 9.8epss 0.23

    Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the "InstallAssistService.exe" service(the service is running under SYSTEM privileges) and manipulate it to…

  • CVE-2021-44595HigApr 29, 2022
    risk 0.62cvss 8.8epss 0.21

    Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges.

  • CVE-2022-50904HigJan 13, 2026
    risk 0.55cvss 8.4epss 0.00

    Wondershare UBackit 2.0.5 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the wsbackup service to inject malicious executables that would run…

  • CVE-2022-50902HigJan 13, 2026
    risk 0.55cvss 8.4epss 0.00

    Wondershare FamiSafe 1.0 contains an unquoted service path vulnerability in the FSService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Wondershare\FamiSafe\ to inject malicious…

  • CVE-2022-50690HigDec 22, 2025
    risk 0.55cvss 8.4epss 0.00

    Wondershare MirrorGo 2.0.11.346 contains a local privilege escalation vulnerability due to incorrect file permissions on executable files. Unprivileged local users can replace the ElevationService.exe with a malicious file to execute arbitrary code with LocalSystem privileges.

  • CVE-2023-31747HigMay 23, 2023
    risk 0.54cvss 7.8epss 0.01

    Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain an unquoted service path vulnerability via the component NativePushService. This vulnerability allows attackers to launch processes with elevated privileges.

  • CVE-2023-27010HigMar 13, 2023
    risk 0.54cvss 7.8epss 0.01

    Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions for the service WsDrvInst. This vulnerability allows attackers to escalate privileges via modifying or overwriting the executable.

  • CVE-2020-36977HigJan 27, 2026
    risk 0.51cvss 7.8epss 0.00

    Wondershare Driver Install Service contains an unquoted service path vulnerability in the ElevationService executable that allows local attackers to potentially inject malicious code. Attackers can exploit the unquoted path to replace the service binary with a malicious…

  • CVE-2020-23438HigMar 4, 2025
    risk 0.51cvss 7.8epss 0.00

    Wondershare filmora 9.2.11 is affected by Trojan Dll hijacking leading to privilege escalation.

  • CVE-2025-0834HigJan 30, 2025
    risk 0.51cvss 7.8epss 0.00

    Privilege escalation vulnerability has been found in Wondershare Dr.Fone version 13.5.21. This vulnerability could allow an attacker to escalate privileges by replacing the binary ‘C:\ProgramData\Wondershare\wsServices\ElevationService.exe’ with a malicious binary. This…

  • CVE-2024-26574HigApr 8, 2024
    risk 0.51cvss 7.8epss 0.00

    Insecure Permissions vulnerability in Wondershare Filmora v.13.0.51 allows a local attacker to execute arbitrary code via a crafted script to the WSNativePushService.exe

  • CVE-2023-29835HigApr 26, 2023
    risk 0.51cvss 7.8epss 0.00

    Insecure Permission vulnerability found in Wondershare Dr.Fone v.12.9.6 allows a remote attacker to escalate privileges via the service permission function.

  • CVE-2023-27771HigApr 4, 2023
    risk 0.51cvss 7.8epss 0.00

    An issue found in Wondershare Technology Co.,Ltd Creative Centerr v.1.0.8 allows a remote attacker to execute arbitrary commands via the wondershareCC_setup_full10819.exe file.

  • CVE-2023-27770HigApr 4, 2023
    risk 0.51cvss 7.8epss 0.00

    An issue found in Wondershare Technology Co.,Ltd Edraw-max v.12.0.4 allows a remote attacker to execute arbitrary commands via the edraw-max_setup_full5371.exe file.

  • CVE-2023-27769HigApr 4, 2023
    risk 0.51cvss 7.8epss 0.00

    An issue found in Wondershare Technology Co.,Ltd PDF Reader v.1.0.1 allows a remote attacker to execute arbitrary commands via the pdfreader_setup_full13143.exe file.

  • CVE-2023-27768HigApr 4, 2023
    risk 0.51cvss 7.8epss 0.00

    An issue found in Wondershare Technology Co.,Ltd PDFelement v9.1.1 allows a remote attacker to execute arbitrary commands via the pdfelement-pro_setup_full5239.exe file.

  • CVE-2023-27767HigApr 4, 2023
    risk 0.51cvss 7.8epss 0.00

    An issue found in Wondershare Technology Co.,Ltd Dr.Fone v.12.4.9 allows a remote attacker to execute arbitrary commands via the drfone_setup_full3360.exe file.

  • CVE-2023-27766HigApr 4, 2023
    risk 0.51cvss 7.8epss 0.00

    An issue found in Wondershare Technology Co.,Ltd Anireel 1.5.4 allows a remote attacker to execute arbitrary commands via the anireel_setup_full9589.exe file.

  • CVE-2023-27765HigApr 4, 2023
    risk 0.51cvss 7.8epss 0.00

    An issue found in Wondershare Technology Co.,Ltd Recoverit v.10.6.3 allows a remote attacker to execute arbitrary commands via the recoverit_setup_full4134.exe file.

  • CVE-2023-27764HigApr 4, 2023
    risk 0.51cvss 7.8epss 0.00

    An issue found in Wondershare Technology Co.,Ltd Repairit v.3.5.4 allows a remote attacker to execute arbitrary commands via the repairit_setup_full5913.exe file.