Name of the Vulnerable Software and Affected Versions:

Woffice Core plugin for WordPress versions prior to 5.4.26

Description:

The Woffice Core plugin for WordPress is susceptible to arbitrary file deletion due to inadequate file path validation within the `woffice file manager delete()` function. Authenticated attackers possessing Contributor-level access or higher can delete arbitrary files on the server. Deletion of specific files, such as wp-config.php, could potentially lead to remote code execution.

Recommendations:

Update the Woffice Core plugin to a version later than 5.4.26.