The Woffice CRM theme for WordPress has a security vulnerability that could allow unauthorized people to see the titles of messages sent from one user to another. The vulnerability exists in versions up to and including 4.0.1 and is caused by the lack of a capability check on the wofficeNotificationGet function.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
