CVE-2024-43234
WordPress Woffice theme <= 5.4.14 - Unauthenticated Account Takeover vulnerabilityAuthentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice allows Authentication Bypass.This issue affects Woffice: from n/a through 5.4.14.
We have discovered 420 live websites that are affected by CVE-2024-43234.
Affected Software
| Product | |
| Category | Wordpress Themes |
| Vulnerable Domains | 420 live websites (100% of Woffice install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 0 versions ( less than 0.1% of all versions) |
Common Weakness Enumeration
CWE-288 Authentication Bypass Using an Alternate Path or ChannelDetails
- Published - Dec 16, 2024
- Updated - Dec 20, 2024
Credits
- Rafie Muhammad (Patchstack) (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2024-43234 United States | 124 websites |
 France | 55 websites |
 Germany | 35 websites |
 Netherlands | 27 websites |
 Portugal | 24 websites |
 Australia | 22 websites |
 Spain | 20 websites |
 Italy | 14 websites |
 GB | 14 websites |
 Brazil | 10 websites |
Website Distribution by TLD
Number of websites using CVE-2024-43234| .com | 144 websites |
| .org | 37 websites |
| .fr | 24 websites |
| .com.au | 18 websites |
| .de | 17 websites |
| .nl | 14 websites |
| .es | 13 websites |
| .net | 13 websites |
| .eu | 10 websites |
| .it | 6 websites |
Websites affected by CVE-2024-43234
Top websites that are affected by CVE-2024-43234. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ********.com | Italy | ***,*** | |
| ********.**********.com | GB | ***,*** | |
| *****.*******.com | France | ***,*** | |
| ***************.de | Germany | ***,*** | |
| *******.pt | Portugal | ***,*** | |
| **.**************.pt | Portugal | *,***,*** | |
| **********.com | United States | *,***,*** | |
| *******************************.fr | France | *,***,*** | |
| *****.***.br | Brazil | *,***,*** | |
| ****.*********.it | Italy | *,***,*** |
FAQ
CVE-2024-43234 is Authentication Bypass Using an Alternate Path or Channel in Woffice
A total of 420 websites have been identified as vulnerable to CVE-2024-43234, based on global website indexing conducted by WebTechSurvey.
The Woffice is affected by the CVE-2024-43234 vulnerability.
Woffice versions up to and including 5.4.14 are vulnerable to CVE-2024-43234.