← Back

Wondershare

wondershare

30 CVEs • 15 products

Products (15)

Click to collapse
Toggle
Dr.fone
dr.fone
8 CVEs
Filmora
filmora
5 CVEs
Mobiletrans
mobiletrans
3 CVEs
Repairit
repairit
3 CVEs
Edrawmind
edrawmind
1 CVE
Uniconverter
uniconverter
1 CVE
Democreator
democreator
1 CVE
Recoverit
recoverit
1 CVE
Anireel
anireel
1 CVE
Pdfelement
pdfelement
1 CVE
Pdf Reader
pdf_reader
1 CVE
Edraw Max
edraw-max
1 CVE
Creative Centerr
creative_centerr
1 CVE
Edraw
edraw
1 CVE
Mobilego
mobilego
1 CVE

CVEs (30)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-25344
1Wondershare
1Mobilego
Feb 26, 2026
Feb 12, 2026
8.5 HIGH· v4
7.8 HIGH· v3
N/A· v2
Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify executable files in the application directory. Attackers can replace the original MobileGo.exe with a malic...Show more
Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify executable files in the application directory. Attackers can replace the original MobileGo.exe with a malicious executable to create a new user account and add it to the Administrators group with full system access.Show less
CVE-2022-50903
1Wondershare
1Mobiletrans
Jan 28, 2026
Jan 13, 2026
8.5 HIGH· v4
7.8 HIGH· v3
N/A· v2
Wondershare MobileTrans 3.5.9 contains an unquoted service path vulnerability in the ElevationService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquote...Show more
Wondershare MobileTrans 3.5.9 contains an unquoted service path vulnerability in the ElevationService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path by placing malicious executables in specific filesystem locations that will be executed with LocalSystem permissions during service startup.Show less
CVE-2022-50901
1Wondershare
1Dr.fone
Jan 28, 2026
Jan 13, 2026
8.5 HIGH· v4
7.8 HIGH· v3
N/A· v2
Wondershare Dr.Fone 11.4.9 contains an unquoted service path vulnerability in the DFWSIDService that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (...Show more
Wondershare Dr.Fone 11.4.9 contains an unquoted service path vulnerability in the DFWSIDService that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Wondershare\Wondershare Dr.Fone\ to inject malicious executables that would run with LocalSystem privileges.Show less
CVE-2022-50900
1Wondershare
1Dr.fone
Jan 28, 2026
Jan 13, 2026
8.5 HIGH· v4
7.8 HIGH· v3
N/A· v2
Wondershare Dr.Fone 12.0.18 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path to inser...Show more
Wondershare Dr.Fone 12.0.18 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path to insert malicious code that will be executed with LocalSystem permissions during service startup.Show less
CVE-2025-10644
1Wondershare
1Repairit
Sep 19, 2025
Sep 17, 2025
N/A· v4
9.4 CRITICAL· v3
N/A· v2
Wondershare Repairit SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on Wondershare Repairit. Authentication is not requi...Show more
Wondershare Repairit SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on Wondershare Repairit. Authentication is not required to exploit this vulnerability. The specific flaw exists within the permissions granted to an SAS token. An attacker can leverage this vulnerability to launch a supply-chain attack and execute arbitrary code on customers' endpoints. Was ZDI-CAN-26892.Show less
CVE-2025-10643
1Wondershare
1Repairit
Sep 19, 2025
Sep 17, 2025
N/A· v4
9.1 CRITICAL· v3
N/A· v2
Wondershare Repairit Incorrect Permission Assignment Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Wondershare Repairit. Authenticat...Show more
Wondershare Repairit Incorrect Permission Assignment Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Wondershare Repairit. Authentication is not required to exploit this vulnerability. The specific flaw exists within the permissions granted to a storage account token. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26902.Show less
CVE-2025-5180
1Wondershare
1Filmora
Jun 3, 2025
May 26, 2025
7.3 HIGH· v4
7.3 HIGH· v3
6.0 MEDIUM· v2
A vulnerability, which was classified as critical, has been found in Wondershare Filmora 14.5.16. Affected by this issue is some unknown functionality in the library CRYPTBASE.dll of the file NFWCHK.exe of the component...Show more
A vulnerability, which was classified as critical, has been found in Wondershare Filmora 14.5.16. Affected by this issue is some unknown functionality in the library CRYPTBASE.dll of the file NFWCHK.exe of the component Installer. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2020-23438
1Wondershare
1Filmora
Mar 26, 2025
Mar 4, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
Wondershare filmora 9.2.11 is affected by Trojan Dll hijacking leading to privilege escalation.
CVE-2024-24122
1Wondershare
1Edraw
Nov 21, 2024
Oct 2, 2024
N/A· v4
3.3 LOW· v3
N/A· v2
A remote code execution vulnerability in the project management of Wanxing Technology's Yitu project which allows an attacker to use the exp.adpx file as a zip compressed file to construct a special file name, which can...Show more
A remote code execution vulnerability in the project management of Wanxing Technology's Yitu project which allows an attacker to use the exp.adpx file as a zip compressed file to construct a special file name, which can be used to decompress the project file into the system startup folder, restart the system, and automatically execute the constructed attack script.Show less
CVE-2024-26574
1Wondershare
1Filmora
Mar 28, 2025
Apr 8, 2024
N/A· v4
7.8 HIGH· v3
N/A· v2
Insecure Permissions vulnerability in Wondershare Filmora v.13.0.51 allows a local attacker to execute arbitrary code via a crafted script to the WSNativePushService.exe
CVE-2023-31748
1Wondershare
1Mobiletrans
Jan 31, 2025
May 24, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
Insecure permissions in MobileTrans v4.0.11 allows attackers to escalate privileges to local admin via replacing the executable file.
CVE-2023-31747
1Wondershare
1Filmora
Jan 21, 2025
May 23, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain an unquoted service path vulnerability via the component NativePushService. This vulnerability allows attackers to launch processes with elevated privi...Show more
Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain an unquoted service path vulnerability via the component NativePushService. This vulnerability allows attackers to launch processes with elevated privileges.Show less
CVE-2023-29835
1Wondershare
1Dr.fone
Feb 3, 2025
Apr 26, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
Insecure Permission vulnerability found in Wondershare Dr.Fone v.12.9.6 allows a remote attacker to escalate privileges via the service permission function.
CVE-2023-27771
1Wondershare
1Creative Centerr
Feb 13, 2025
Apr 4, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
An issue found in Wondershare Technology Co.,Ltd Creative Centerr v.1.0.8 allows a remote attacker to execute arbitrary commands via the wondershareCC_setup_full10819.exe file.
CVE-2023-27770
1Wondershare
1Edraw Max
Feb 13, 2025
Apr 4, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
An issue found in Wondershare Technology Co.,Ltd Edraw-max v.12.0.4 allows a remote attacker to execute arbitrary commands via the edraw-max_setup_full5371.exe file.
CVE-2023-27769
1Wondershare
1Pdf Reader
Feb 13, 2025
Apr 4, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
An issue found in Wondershare Technology Co.,Ltd PDF Reader v.1.0.1 allows a remote attacker to execute arbitrary commands via the pdfreader_setup_full13143.exe file.
CVE-2023-27768
1Wondershare
1Pdfelement
Feb 13, 2025
Apr 4, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
An issue found in Wondershare Technology Co.,Ltd PDFelement v9.1.1 allows a remote attacker to execute arbitrary commands via the pdfelement-pro_setup_full5239.exe file.
CVE-2023-27767
1Wondershare
1Dr.fone
Feb 13, 2025
Apr 4, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
An issue found in Wondershare Technology Co.,Ltd Dr.Fone v.12.4.9 allows a remote attacker to execute arbitrary commands via the drfone_setup_full3360.exe file.
CVE-2023-27766
1Wondershare
1Anireel
Feb 13, 2025
Apr 4, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
An issue found in Wondershare Technology Co.,Ltd Anireel 1.5.4 allows a remote attacker to execute arbitrary commands via the anireel_setup_full9589.exe file.
CVE-2023-27765
1Wondershare
1Recoverit
Feb 13, 2025
Apr 4, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
An issue found in Wondershare Technology Co.,Ltd Recoverit v.10.6.3 allows a remote attacker to execute arbitrary commands via the recoverit_setup_full4134.exe file.