CVE-2024-7262

UNKNOWN 0.0

⚠️ CISA KEV

Arbitrary Code Execution in WPS Office

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document

CWE	CWE-22
Vendor	kingsoft
Product	wps office
Published	Aug 15, 2024
Last Updated	Oct 21, 2025

⚠️ Actively Exploited — Act Now

Get instant alerts for kingsoft wps office

This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2024-7262.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Kingsoft / WPS Office

12.2.0.13110 < 12.2.0.16412

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wps.com: https://www.wps.com/whatsnew/pc/20240422/ cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7262

Credits

Romain DUMONT (ESET)