Vendor CVEs
Wordapp
All CVEs
25 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-2987 | Cri | 0.57 | 9.8 | 0.01 | May 31, 2023 | The Wordapp plugin for WordPress is vulnerable to authorization bypass due to an use of insufficiently unique cryptographic signature on the 'wa_pdx_op_config_set' function in versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to the… | ||
| CVE-2018-8909 | Hig | 0.49 | 7.5 | 0.02 | Mar 22, 2018 | The Wire application before 2018-03-07 for Android allows attackers to write to pathnames outside of the downloads directory via a ../ in a filename of a received file, related to AssetService.scala. | ||
| CVE-2026-35049 | Med | 0.42 | 6.5 | 0.00 | Jun 2, 2026 | wire-ios is an iOS client for the Wire secure messaging application. Prior to version 4.16.0, upon receiving a crafted malicious Proteus external message with an encrypted payload that is shorter than 16 bytes, the Wire iOS client crashes. The crash is triggered automatically… | ||
| CVE-2025-48061 | Med | 0.29 | 5.6 | 0.00 | May 22, 2025 | wire-webapp is the web application for the open-source messaging service Wire. A change caused a regression resulting in sessions not being properly invalidated. A user that logged out of the Wire webapp, could have been automatically logged in again after re-opening the… | ||
| CVE-2025-30927 | Med | 0.28 | 4.3 | 0.00 | Jun 6, 2025 | Missing Authorization vulnerability in Wordapp Team Wordapp wordapp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wordapp: from n/a through <= 1.7.0. | ||
| CVE-2025-49846 | Med | 0.20 | — | 0.00 | Jul 3, 2025 | wire-ios is an iOS client for the Wire secure messaging application. From Wire iOS 3.111.1 to before 3.124.1, messages that were visible in the view port have been logged to the iOS system logs in clear text. Wire application logs created and managed by the application itself… | ||
| CVE-2025-48066 | 0.00 | — | 0.00 | May 22, 2025 | wire-webapp is the web application for the open-source messaging service Wire. A bug fix caused a regression causing an issue with function to delete local data. Instructing the client to delete its local database on user logout does not result in deletion. This is the case for… | |||
| CVE-2023-48221 | 0.00 | — | 0.01 | Nov 20, 2023 | wire-avs provides Audio, Visual, and Signaling (AVS) functionality sure the secure messaging software Wire. Prior to versions 9.2.22 and 9.3.5, a remote format string vulnerability could potentially allow an attacker to cause a denial of service or possibly execute arbitrary… | |||
| CVE-2022-39380 | 0.00 | — | 0.01 | Jan 27, 2023 | Wire web-app is part of Wire communications. Versions prior to 2022-11-02 are subject to Improper Handling of Exceptional Conditions. In the wire-webapp, certain combinations of Markdown formatting can trigger an unhandled error in the conversion to HTML representation. The… | |||
| CVE-2022-29168 | 0.00 | — | 0.01 | Jun 25, 2022 | Wire is a secure messaging application. Wire is vulnerable to arbitrary HTML and Javascript execution via insufficient escaping when rendering `@mentions` in the wire-webapp. If a user receives and views a malicious message, arbitrary code is injected and executed in the context… | |||
| CVE-2022-31009 | 0.00 | — | 0.01 | Jun 23, 2022 | wire-ios is an iOS client for the Wire secure messaging application. Invalid accent colors of Wire communication partners may render the iOS Wire Client partially unusable by causing it to crash multiple times on launch. These invalid accent colors can be used by and sent… | |||
| CVE-2022-24799 | 0.00 | — | 0.01 | Apr 20, 2022 | wire-webapp is the web application interface for the wire messaging service. Insufficient escaping in markdown “code highlighting” in the wire-webapp resulted in the possibility of injecting and executing arbitrary HTML code and thus also JavaScript. If a user receives and… | |||
| CVE-2022-23625 | 0.00 | — | 0.01 | Mar 11, 2022 | Wire-ios is a messaging application using the wire protocol on apple's ios platform. In versions prior to 3.95 malformed resource identifiers may render the iOS Wire Client completely unusable by causing it to repeatedly crash on launch. These malformed resource identifiers can… | |||
| CVE-2021-41193 | 0.00 | — | 0.02 | Mar 1, 2022 | wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. A remote format string vulnerability in versions prior to 7.1.12 allows an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs… | |||
| CVE-2022-23605 | 0.00 | — | 0.00 | Feb 4, 2022 | Wire webapp is a web client for the wire messaging protocol. In versions prior to 2022-01-27-production.0 expired ephemeral messages were not reliably removed from local chat history of Wire Webapp. In versions before 2022-01-27-production.0 ephemeral messages and assets might… | |||
| CVE-2021-41094 | 0.00 | — | 0.00 | Oct 4, 2021 | Wire is an open source secure messenger. Users of Wire by Bund may bypass the mandatory encryption at rest feature by simply disabling their device passcode. Upon launching, the app will attempt to enable encryption at rest by generating encryption keys via the Secure Enclave,… | |||
| CVE-2021-41093 | 0.00 | — | 0.01 | Oct 4, 2021 | Wire is an open source secure messenger. In affected versions if the an attacker gets an old but valid access token they can take over an account by changing the email. This issue has been resolved in version 3.86 which uses a new endpoint which additionally requires an… | |||
| CVE-2021-32755 | 0.00 | — | 0.00 | Jul 13, 2021 | Wire is a collaboration platform. wire-ios-transport handles authentication of requests, network failures, and retries for the iOS implementation of Wire. In the 3.82 version of the iOS application, a new web socket implementation was introduced for users running iOS 13 or… | |||
| CVE-2021-32683 | 0.00 | — | 0.01 | Jun 15, 2021 | wire-webapp is the web version of Wire, an open-source messenger. A cross-site scripting vulnerability exists in wire-webapp prior to version 2021-06-01-production.0. If a user is instructed to open an image in a new tab (right click -> open in new tab, or copy the URL and paste… | |||
| CVE-2021-32666 | 0.00 | — | 0.01 | Jun 3, 2021 | wire-ios is the iOS version of Wire, an open-source secure messaging app. In wire-ios versions 3.8.0 and prior, a vulnerability exists that can cause a denial of service between users. If a user has an invalid assetID for their profile picture and it contains the " character, it… | |||
| CVE-2021-32665 | 0.00 | — | 0.00 | Jun 3, 2021 | wire-ios is the iOS version of Wire, an open-source secure messaging app. wire-ios versions 3.8.0 and earlier have a bug in which a conversation could be incorrectly set to "unverified. This occurs when: - Self user is added to a new conversation - Self user is added to an… | |||
| CVE-2021-21400 | 0.00 | — | 0.01 | Apr 2, 2021 | wire-webapp is an open-source front end for Wire, a secure collaboration platform. In wire-webapp before version 2021-03-15-production.0, when being prompted to enter the app-lock passphrase, the typed passphrase will be sent into the most recently used chat when the user does… | |||
| CVE-2021-21301 | 0.00 | — | 0.01 | Feb 11, 2021 | Wire is an open-source collaboration platform. In Wire for iOS (iPhone and iPad) before version 3.75 there is a vulnerability where the video capture isn't stopped in a scenario where a user first has their camera enabled and then disables it. It's a privacy issue because video… | |||
| CVE-2020-27853 | 0.00 | — | 0.04 | Oct 27, 2020 | Wire before 2020-10-16 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a format string. This affects Wire AVS (Audio, Video, and Signaling) 5.3 through 6.x before 6.4, the Wire Secure Messenger application before… | |||
| CVE-2020-15258 | 0.00 | — | 0.02 | Oct 16, 2020 | In Wire before 3.20.x, `shell.openExternal` was used without checking the URL. This vulnerability allows an attacker to execute code on the victims machine by sending messages containing links with arbitrary protocols. The victim has to interact with the link and sees the URL… |
- risk 0.57cvss 9.8epss 0.01
The Wordapp plugin for WordPress is vulnerable to authorization bypass due to an use of insufficiently unique cryptographic signature on the 'wa_pdx_op_config_set' function in versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to the…
- risk 0.49cvss 7.5epss 0.02
The Wire application before 2018-03-07 for Android allows attackers to write to pathnames outside of the downloads directory via a ../ in a filename of a received file, related to AssetService.scala.
- risk 0.42cvss 6.5epss 0.00
wire-ios is an iOS client for the Wire secure messaging application. Prior to version 4.16.0, upon receiving a crafted malicious Proteus external message with an encrypted payload that is shorter than 16 bytes, the Wire iOS client crashes. The crash is triggered automatically…
- risk 0.29cvss 5.6epss 0.00
wire-webapp is the web application for the open-source messaging service Wire. A change caused a regression resulting in sessions not being properly invalidated. A user that logged out of the Wire webapp, could have been automatically logged in again after re-opening the…
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Wordapp Team Wordapp wordapp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wordapp: from n/a through <= 1.7.0.
- risk 0.20cvss —epss 0.00
wire-ios is an iOS client for the Wire secure messaging application. From Wire iOS 3.111.1 to before 3.124.1, messages that were visible in the view port have been logged to the iOS system logs in clear text. Wire application logs created and managed by the application itself…
- CVE-2025-48066May 22, 2025risk 0.00cvss —epss 0.00
wire-webapp is the web application for the open-source messaging service Wire. A bug fix caused a regression causing an issue with function to delete local data. Instructing the client to delete its local database on user logout does not result in deletion. This is the case for…
- CVE-2023-48221Nov 20, 2023risk 0.00cvss —epss 0.01
wire-avs provides Audio, Visual, and Signaling (AVS) functionality sure the secure messaging software Wire. Prior to versions 9.2.22 and 9.3.5, a remote format string vulnerability could potentially allow an attacker to cause a denial of service or possibly execute arbitrary…
- CVE-2022-39380Jan 27, 2023risk 0.00cvss —epss 0.01
Wire web-app is part of Wire communications. Versions prior to 2022-11-02 are subject to Improper Handling of Exceptional Conditions. In the wire-webapp, certain combinations of Markdown formatting can trigger an unhandled error in the conversion to HTML representation. The…
- CVE-2022-29168Jun 25, 2022risk 0.00cvss —epss 0.01
Wire is a secure messaging application. Wire is vulnerable to arbitrary HTML and Javascript execution via insufficient escaping when rendering `@mentions` in the wire-webapp. If a user receives and views a malicious message, arbitrary code is injected and executed in the context…
- CVE-2022-31009Jun 23, 2022risk 0.00cvss —epss 0.01
wire-ios is an iOS client for the Wire secure messaging application. Invalid accent colors of Wire communication partners may render the iOS Wire Client partially unusable by causing it to crash multiple times on launch. These invalid accent colors can be used by and sent…
- CVE-2022-24799Apr 20, 2022risk 0.00cvss —epss 0.01
wire-webapp is the web application interface for the wire messaging service. Insufficient escaping in markdown “code highlighting” in the wire-webapp resulted in the possibility of injecting and executing arbitrary HTML code and thus also JavaScript. If a user receives and…
- CVE-2022-23625Mar 11, 2022risk 0.00cvss —epss 0.01
Wire-ios is a messaging application using the wire protocol on apple's ios platform. In versions prior to 3.95 malformed resource identifiers may render the iOS Wire Client completely unusable by causing it to repeatedly crash on launch. These malformed resource identifiers can…
- CVE-2021-41193Mar 1, 2022risk 0.00cvss —epss 0.02
wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. A remote format string vulnerability in versions prior to 7.1.12 allows an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs…
- CVE-2022-23605Feb 4, 2022risk 0.00cvss —epss 0.00
Wire webapp is a web client for the wire messaging protocol. In versions prior to 2022-01-27-production.0 expired ephemeral messages were not reliably removed from local chat history of Wire Webapp. In versions before 2022-01-27-production.0 ephemeral messages and assets might…
- CVE-2021-41094Oct 4, 2021risk 0.00cvss —epss 0.00
Wire is an open source secure messenger. Users of Wire by Bund may bypass the mandatory encryption at rest feature by simply disabling their device passcode. Upon launching, the app will attempt to enable encryption at rest by generating encryption keys via the Secure Enclave,…
- CVE-2021-41093Oct 4, 2021risk 0.00cvss —epss 0.01
Wire is an open source secure messenger. In affected versions if the an attacker gets an old but valid access token they can take over an account by changing the email. This issue has been resolved in version 3.86 which uses a new endpoint which additionally requires an…
- CVE-2021-32755Jul 13, 2021risk 0.00cvss —epss 0.00
Wire is a collaboration platform. wire-ios-transport handles authentication of requests, network failures, and retries for the iOS implementation of Wire. In the 3.82 version of the iOS application, a new web socket implementation was introduced for users running iOS 13 or…
- CVE-2021-32683Jun 15, 2021risk 0.00cvss —epss 0.01
wire-webapp is the web version of Wire, an open-source messenger. A cross-site scripting vulnerability exists in wire-webapp prior to version 2021-06-01-production.0. If a user is instructed to open an image in a new tab (right click -> open in new tab, or copy the URL and paste…
- CVE-2021-32666Jun 3, 2021risk 0.00cvss —epss 0.01
wire-ios is the iOS version of Wire, an open-source secure messaging app. In wire-ios versions 3.8.0 and prior, a vulnerability exists that can cause a denial of service between users. If a user has an invalid assetID for their profile picture and it contains the " character, it…
- CVE-2021-32665Jun 3, 2021risk 0.00cvss —epss 0.00
wire-ios is the iOS version of Wire, an open-source secure messaging app. wire-ios versions 3.8.0 and earlier have a bug in which a conversation could be incorrectly set to "unverified. This occurs when: - Self user is added to a new conversation - Self user is added to an…
- CVE-2021-21400Apr 2, 2021risk 0.00cvss —epss 0.01
wire-webapp is an open-source front end for Wire, a secure collaboration platform. In wire-webapp before version 2021-03-15-production.0, when being prompted to enter the app-lock passphrase, the typed passphrase will be sent into the most recently used chat when the user does…
- CVE-2021-21301Feb 11, 2021risk 0.00cvss —epss 0.01
Wire is an open-source collaboration platform. In Wire for iOS (iPhone and iPad) before version 3.75 there is a vulnerability where the video capture isn't stopped in a scenario where a user first has their camera enabled and then disables it. It's a privacy issue because video…
- CVE-2020-27853Oct 27, 2020risk 0.00cvss —epss 0.04
Wire before 2020-10-16 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a format string. This affects Wire AVS (Audio, Video, and Signaling) 5.3 through 6.x before 6.4, the Wire Secure Messenger application before…
- CVE-2020-15258Oct 16, 2020risk 0.00cvss —epss 0.02
In Wire before 3.20.x, `shell.openExternal` was used without checking the URL. This vulnerability allows an attacker to execute code on the victims machine by sending messages containing links with arbitrary protocols. The victim has to interact with the link and sees the URL…