Vulnerabilities > Webtoffee
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-20 | CVE-2024-13920 | Path Traversal vulnerability in Webtoffee Order Export & Order Import for Woocommerce The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.0 via the download_file() function. | 4.9 |
| 2025-03-20 | CVE-2024-13921 | Deserialization of Untrusted Data vulnerability in Webtoffee Order Export & Order Import for Woocommerce The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.0 via deserialization of untrusted input from the 'form_data' parameter. | 7.2 |
| 2025-03-20 | CVE-2024-13922 | External Control of File Name or Path vulnerability in Webtoffee Order Export & Order Import for Woocommerce The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.6.0. | 6.5 |
| 2025-03-20 | CVE-2024-13923 | Server-Side Request Forgery (SSRF) vulnerability in Webtoffee Order Export & Order Import for Woocommerce The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.0 via the validate_file() function. | 6.5 |
| 2025-01-24 | CVE-2025-24644 | Cross-site Scripting vulnerability in Webtoffee Woocommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Stored XSS. | 4.8 |
| 2024-05-17 | CVE-2023-51546 | Unspecified vulnerability in Webtoffee Woocommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Improper Privilege Management vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Privilege Escalation.This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.2.1. | 7.2 |
| 2024-03-27 | CVE-2024-22288 | Unspecified vulnerability in Webtoffee Woocommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Reflected XSS.This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.4.0. | 6.1 |
| 2024-03-26 | CVE-2024-30231 | Unspecified vulnerability in Webtoffee Product Import Export for Woocommerce Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.This issue affects Product Import Export for WooCommerce: from n/a through 2.4.1. | 7.2 |
| 2024-01-24 | CVE-2024-22135 | Unspecified vulnerability in Webtoffee Order Export & Order Import for Woocommerce Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Order Export & Order Import for WooCommerce.This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.3. | 7.2 |
| 2024-01-24 | CVE-2024-22152 | Unspecified vulnerability in Webtoffee Product Import Export for Woocommerce Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.This issue affects Product Import Export for WooCommerce: from n/a through 2.3.7. | 7.2 |