Filtered by vendor Webtoffee
Subscriptions
Total
46 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1972 | 1 Webtoffee | 1 Import Export Wordpress Users | 2026-04-08 | 2.7 Low |
| The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.6.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary log files on the server. | ||||
| CVE-2025-1973 | 1 Webtoffee | 1 Import Export Wordpress Users | 2026-04-08 | 4.9 Medium |
| The Export and Import Users and Customers plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.6.2 via the download_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary log files on the server, which can contain sensitive information. | ||||
| CVE-2025-24644 | 1 Webtoffee | 1 Woocommerce Pdf Invoices\, Packing Slips\, Delivery Notes And Shipping Labels | 2026-04-01 | 4.8 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels print-invoices-packing-slip-labels-for-woocommerce allows Stored XSS.This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through <= 4.7.1. | ||||
| CVE-2026-22480 | 2 Webtoffee, Wordpress | 2 Product Feed For Woocommerce, Wordpress | 2026-03-30 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Object Injection.This issue affects Product Feed for WooCommerce: from n/a through <= 2.3.3. | ||||
| CVE-2026-32441 | 2 Webtoffee, Wordpress | 2 Wordpress Comments Import And Export, Wordpress | 2026-03-30 | 7.7 High |
| Missing Authorization vulnerability in WebToffee Comments Import & Export comments-import-export-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comments Import & Export: from n/a through <= 2.4.9. | ||||
| CVE-2025-1913 | 1 Webtoffee | 1 Product Import Export For Woocommerce | 2025-12-05 | 7.2 High |
| The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.5.0 via deserialization of untrusted input from the 'form_data' parameter This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. | ||||
| CVE-2024-30231 | 2 Webtoffee, Wordpress | 2 Product Import Export For Woocommerce, Wordpress | 2025-07-12 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.This issue affects Product Import Export for WooCommerce: from n/a through 2.4.1. | ||||
| CVE-2025-1911 | 1 Webtoffee | 1 Product Import Export For Woocommerce | 2025-07-09 | 2.7 Low |
| The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.5.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary log files on the server. | ||||
| CVE-2024-22135 | 1 Webtoffee | 1 Order Export \& Order Import For Woocommerce | 2025-06-17 | 8 High |
| Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Order Export & Order Import for WooCommerce.This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.3. | ||||
| CVE-2024-8397 | 1 Webtoffee | 1 Gdpr Cookie Consent | 2025-06-12 | 5.4 Medium |
| The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not properly sanitize and escape the IP headers when logging them, allowing visitors to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Consent report' page and the malicious script is executed in the admin context. | ||||
| CVE-2024-8286 | 1 Webtoffee | 1 Gdpr Cookie Consent | 2025-06-12 | 6.5 Medium |
| The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting visit logs via CSRF attacks | ||||
| CVE-2024-22152 | 1 Webtoffee | 1 Product Import Export For Woocommerce | 2025-05-23 | 8 High |
| Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.This issue affects Product Import Export for WooCommerce: from n/a through 2.3.7. | ||||
| CVE-2024-31254 | 1 Webtoffee | 1 Backup And Migration | 2025-04-08 | 3.7 Low |
| Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration.This issue affects WordPress Backup & Migration: from n/a through 1.4.7. | ||||
| CVE-2024-13920 | 1 Webtoffee | 1 Order Export \& Order Import For Woocommerce | 2025-03-27 | 4.9 Medium |
| The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.0 via the download_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary log files on the server, which can contain sensitive information. | ||||
| CVE-2024-13921 | 1 Webtoffee | 1 Order Export \& Order Import For Woocommerce | 2025-03-26 | 7.2 High |
| The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.0 via deserialization of untrusted input from the 'form_data' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. | ||||
| CVE-2022-45370 | 1 Webtoffee | 1 Wordpress Comments Import And Export | 2025-02-19 | 9.8 Critical |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a through 2.3.1. | ||||
| CVE-2023-51546 | 1 Webtoffee | 1 Woocommerce Pdf Invoices\, Packing Slips\, Delivery Notes And Shipping Labels | 2025-02-11 | 7.2 High |
| Improper Privilege Management vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Privilege Escalation.This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.2.1. | ||||
| CVE-2024-22288 | 1 Webtoffee | 1 Woocommerce Pdf Invoices\, Packing Slips\, Delivery Notes And Shipping Labels | 2025-02-10 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Reflected XSS.This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.4.0. | ||||
| CVE-2023-4040 | 1 Webtoffee | 1 Stripe Payment Plugin For Woocommerce | 2025-02-05 | 5.3 Medium |
| The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_callback_handler function in versions up to, and including, 3.7.9. This makes it possible for unauthenticated attackers to modify the order status of arbitrary WooCommerce orders. | ||||
| CVE-2023-5738 | 1 Webtoffee | 1 Backup And Migration | 2024-11-21 | 5.4 Medium |
| The WordPress Backup & Migration WordPress plugin before 1.4.4 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks. | ||||