VYPR

Vendor CVEs

Wordapp

All CVEs

25 total · sorted by risk
  • CVE-2023-2987CriMay 31, 2023
    risk 0.57cvss 9.8epss 0.01

    The Wordapp plugin for WordPress is vulnerable to authorization bypass due to an use of insufficiently unique cryptographic signature on the 'wa_pdx_op_config_set' function in versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to the…

  • CVE-2018-8909HigMar 22, 2018
    risk 0.49cvss 7.5epss 0.02

    The Wire application before 2018-03-07 for Android allows attackers to write to pathnames outside of the downloads directory via a ../ in a filename of a received file, related to AssetService.scala.

  • CVE-2026-35049MedJun 2, 2026
    risk 0.42cvss 6.5epss 0.00

    wire-ios is an iOS client for the Wire secure messaging application. Prior to version 4.16.0, upon receiving a crafted malicious Proteus external message with an encrypted payload that is shorter than 16 bytes, the Wire iOS client crashes. The crash is triggered automatically…

  • CVE-2025-48061MedMay 22, 2025
    risk 0.29cvss 5.6epss 0.00

    wire-webapp is the web application for the open-source messaging service Wire. A change caused a regression resulting in sessions not being properly invalidated. A user that logged out of the Wire webapp, could have been automatically logged in again after re-opening the…

  • CVE-2025-30927MedJun 6, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in Wordapp Team Wordapp wordapp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wordapp: from n/a through <= 1.7.0.

  • CVE-2025-49846MedJul 3, 2025
    risk 0.20cvss epss 0.00

    wire-ios is an iOS client for the Wire secure messaging application. From Wire iOS 3.111.1 to before 3.124.1, messages that were visible in the view port have been logged to the iOS system logs in clear text. Wire application logs created and managed by the application itself…

  • CVE-2025-48066May 22, 2025
    risk 0.00cvss epss 0.00

    wire-webapp is the web application for the open-source messaging service Wire. A bug fix caused a regression causing an issue with function to delete local data. Instructing the client to delete its local database on user logout does not result in deletion. This is the case for…

  • CVE-2023-48221Nov 20, 2023
    risk 0.00cvss epss 0.01

    wire-avs provides Audio, Visual, and Signaling (AVS) functionality sure the secure messaging software Wire. Prior to versions 9.2.22 and 9.3.5, a remote format string vulnerability could potentially allow an attacker to cause a denial of service or possibly execute arbitrary…

  • CVE-2022-39380Jan 27, 2023
    risk 0.00cvss epss 0.01

    Wire web-app is part of Wire communications. Versions prior to 2022-11-02 are subject to Improper Handling of Exceptional Conditions. In the wire-webapp, certain combinations of Markdown formatting can trigger an unhandled error in the conversion to HTML representation. The…

  • CVE-2022-29168Jun 25, 2022
    risk 0.00cvss epss 0.01

    Wire is a secure messaging application. Wire is vulnerable to arbitrary HTML and Javascript execution via insufficient escaping when rendering `@mentions` in the wire-webapp. If a user receives and views a malicious message, arbitrary code is injected and executed in the context…

  • CVE-2022-31009Jun 23, 2022
    risk 0.00cvss epss 0.01

    wire-ios is an iOS client for the Wire secure messaging application. Invalid accent colors of Wire communication partners may render the iOS Wire Client partially unusable by causing it to crash multiple times on launch. These invalid accent colors can be used by and sent…

  • CVE-2022-24799Apr 20, 2022
    risk 0.00cvss epss 0.01

    wire-webapp is the web application interface for the wire messaging service. Insufficient escaping in markdown “code highlighting” in the wire-webapp resulted in the possibility of injecting and executing arbitrary HTML code and thus also JavaScript. If a user receives and…

  • CVE-2022-23625Mar 11, 2022
    risk 0.00cvss epss 0.01

    Wire-ios is a messaging application using the wire protocol on apple's ios platform. In versions prior to 3.95 malformed resource identifiers may render the iOS Wire Client completely unusable by causing it to repeatedly crash on launch. These malformed resource identifiers can…

  • CVE-2021-41193Mar 1, 2022
    risk 0.00cvss epss 0.02

    wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. A remote format string vulnerability in versions prior to 7.1.12 allows an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs…

  • CVE-2022-23605Feb 4, 2022
    risk 0.00cvss epss 0.00

    Wire webapp is a web client for the wire messaging protocol. In versions prior to 2022-01-27-production.0 expired ephemeral messages were not reliably removed from local chat history of Wire Webapp. In versions before 2022-01-27-production.0 ephemeral messages and assets might…

  • CVE-2021-41094Oct 4, 2021
    risk 0.00cvss epss 0.00

    Wire is an open source secure messenger. Users of Wire by Bund may bypass the mandatory encryption at rest feature by simply disabling their device passcode. Upon launching, the app will attempt to enable encryption at rest by generating encryption keys via the Secure Enclave,…

  • CVE-2021-41093Oct 4, 2021
    risk 0.00cvss epss 0.01

    Wire is an open source secure messenger. In affected versions if the an attacker gets an old but valid access token they can take over an account by changing the email. This issue has been resolved in version 3.86 which uses a new endpoint which additionally requires an…

  • CVE-2021-32755Jul 13, 2021
    risk 0.00cvss epss 0.00

    Wire is a collaboration platform. wire-ios-transport handles authentication of requests, network failures, and retries for the iOS implementation of Wire. In the 3.82 version of the iOS application, a new web socket implementation was introduced for users running iOS 13 or…

  • CVE-2021-32683Jun 15, 2021
    risk 0.00cvss epss 0.01

    wire-webapp is the web version of Wire, an open-source messenger. A cross-site scripting vulnerability exists in wire-webapp prior to version 2021-06-01-production.0. If a user is instructed to open an image in a new tab (right click -> open in new tab, or copy the URL and paste…

  • CVE-2021-32666Jun 3, 2021
    risk 0.00cvss epss 0.01

    wire-ios is the iOS version of Wire, an open-source secure messaging app. In wire-ios versions 3.8.0 and prior, a vulnerability exists that can cause a denial of service between users. If a user has an invalid assetID for their profile picture and it contains the " character, it…

  • CVE-2021-32665Jun 3, 2021
    risk 0.00cvss epss 0.00

    wire-ios is the iOS version of Wire, an open-source secure messaging app. wire-ios versions 3.8.0 and earlier have a bug in which a conversation could be incorrectly set to "unverified. This occurs when: - Self user is added to a new conversation - Self user is added to an…

  • CVE-2021-21400Apr 2, 2021
    risk 0.00cvss epss 0.01

    wire-webapp is an open-source front end for Wire, a secure collaboration platform. In wire-webapp before version 2021-03-15-production.0, when being prompted to enter the app-lock passphrase, the typed passphrase will be sent into the most recently used chat when the user does…

  • CVE-2021-21301Feb 11, 2021
    risk 0.00cvss epss 0.01

    Wire is an open-source collaboration platform. In Wire for iOS (iPhone and iPad) before version 3.75 there is a vulnerability where the video capture isn't stopped in a scenario where a user first has their camera enabled and then disables it. It's a privacy issue because video…

  • CVE-2020-27853Oct 27, 2020
    risk 0.00cvss epss 0.04

    Wire before 2020-10-16 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a format string. This affects Wire AVS (Audio, Video, and Signaling) 5.3 through 6.x before 6.4, the Wire Secure Messenger application before…

  • CVE-2020-15258Oct 16, 2020
    risk 0.00cvss epss 0.02

    In Wire before 3.20.x, `shell.openExternal` was used without checking the URL. This vulnerability allows an attacker to execute code on the victims machine by sending messages containing links with arbitrary protocols. The victim has to interact with the link and sees the URL…