VYPR
Vendor

WPS Office

Products
1
CVEs
7
Across products
7
Status
Private

Products

1

Recent CVEs

7
  • CVE-2023-31275HigNov 27, 2023
    risk 0.57cvss 8.8epss 0.02

    An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this…

  • CVE-2023-32548HigJun 13, 2023
    risk 0.53cvss 8.1epss 0.01

    OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data, an arbitrary OS command may be executed on the system where…

  • CVE-2024-35205HigMay 14, 2024
    risk 0.51cvss 7.8epss 0.01

    The WPS Office (aka cn.wps.moffice_eng) application before 17.0.0 for Android fails to properly sanitize file names before processing them through external application interactions, leading to a form of path traversal. This potentially enables any application to dispatch a…

  • CVE-2022-26081HigMar 17, 2022
    risk 0.51cvss 7.8epss 0.01

    The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.

  • CVE-2022-25969HigMar 17, 2022
    risk 0.51cvss 7.8epss 0.01

    The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.

  • CVE-2022-25943HigMar 9, 2022
    risk 0.51cvss 7.8epss 0.01

    The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed.

  • CVE-2024-57096MedMay 14, 2025
    risk 0.36cvss 5.5epss 0.00

    An issue in wps office before v.19302 allows a local attacker to obtain sensitive information via a crafted file.