CVE-2025-5835
- EPSS 0.08%
- Veröffentlicht 25.07.2025 07:15:27
- Zuletzt bearbeitet 08.04.2026 19:24:23
The Droip plugin for WordPress is vulnerable to unauthorized modification and access of data due to a missing capability check on the droip_post_apis() function in all versions up to, and including, 2.2.6. This makes it possible for authenticated att...
CVE-2025-5831
- EPSS 0.51%
- Veröffentlicht 25.07.2025 07:15:26
- Zuletzt bearbeitet 08.04.2026 19:24:23
The Droip plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the make_google_font_offline() function in all versions up to, and excluding, 2.5.2. This makes it possible for authenticated attackers, wit...
CVE-2024-43954
- EPSS 0.25%
- Veröffentlicht 29.08.2024 16:15:09
- Zuletzt bearbeitet 30.08.2024 16:24:37
Incorrect Authorization vulnerability in Themeum Droip allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Droip: from n/a through 1.1.1.
CVE-2024-43955
- EPSS 1.13%
- Veröffentlicht 29.08.2024 16:15:09
- Zuletzt bearbeitet 30.08.2024 16:23:35
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Droip allows File Manipulation.This issue affects Droip: from n/a through 1.1.1.