Kingsoft Wps Office

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Kingsoft Wps Office.

By the Year

In 2025 there have been 0 vulnerabilities in Kingsoft Wps Office. Last year, in 2024 Wps Office had 2 security vulnerabilities published. Right now, Wps Office is on track to have less security vulnerabilities in 2025 than it did last year.

Year	Vulnerabilities	Average Score
2025	0	0.00
2024	2	7.80
2023	2	7.95
2022	3	7.80
2021	0	0.00
2020	0	0.00
2019	0	0.00
2018	1	5.50

It may take a day or so for new Wps Office vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Kingsoft Wps Office Security Vulnerabilities

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows

CVE-2024-7263 7.8 - High - August 15, 2024

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough. Another parameter was not properly sanitized which leads to the execution of an arbitrary Windows library.

Directory traversal

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows

CVE-2024-7262 7.8 - High - August 15, 2024

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document

Directory traversal

An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537

CVE-2023-31275 7.8 - High - November 27, 2023

An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.

Use of Uninitialized Resource

OS command injection vulnerability exists in WPS Office version 10.8.0.6186

CVE-2023-32548 8.1 - High - June 13, 2023

OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data, an arbitrary OS command may be executed on the system where the product is installed.

Shell injection

The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs)

CVE-2022-25969 7.8 - High - March 17, 2022

The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.

DLL preloading

The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll

CVE-2022-26081 7.8 - High - March 17, 2022

The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.

DLL preloading

The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed.

CVE-2022-25943 7.8 - High - March 09, 2022

The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed.

Incorrect Default Permissions

wpsmain.dll in Kingsoft WPS Office 2016 and Jinshan PDF 10.1.0.6621

CVE-2018-7546 5.5 - Medium - July 18, 2018

wpsmain.dll in Kingsoft WPS Office 2016 and Jinshan PDF 10.1.0.6621 allows remote attackers to cause a denial of service via a crafted pdf file.

Buffer Overflow

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Kingsoft Wps Office or by Kingsoft? Click the Watch button to subscribe.

Kingsoft
Vendor

Kingsoft Wps Office
Product

Kingsoft Wps Office

Don't miss out!

By the Year

Recent Kingsoft Wps Office Security Vulnerabilities

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows CVE-2024-7263 7.8 - High - August 15, 2024

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows CVE-2024-7262 7.8 - High - August 15, 2024

An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 CVE-2023-31275 7.8 - High - November 27, 2023

OS command injection vulnerability exists in WPS Office version 10.8.0.6186 CVE-2023-32548 8.1 - High - June 13, 2023

The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs) CVE-2022-25969 7.8 - High - March 17, 2022

The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll CVE-2022-26081 7.8 - High - March 17, 2022

The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed. CVE-2022-25943 7.8 - High - March 09, 2022

wpsmain.dll in Kingsoft WPS Office 2016 and Jinshan PDF 10.1.0.6621 CVE-2018-7546 5.5 - Medium - July 18, 2018