Vulnerabilities > Webtoffee

DATE CVE VULNERABILITY TITLE RISK
2025-03-20 CVE-2024-13920 Path Traversal vulnerability in Webtoffee Order Export & Order Import for Woocommerce
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.0 via the download_file() function.
network
low complexity
webtoffee CWE-22
4.9
2025-03-20 CVE-2024-13921 Deserialization of Untrusted Data vulnerability in Webtoffee Order Export & Order Import for Woocommerce
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.0 via deserialization of untrusted input from the 'form_data' parameter.
network
low complexity
webtoffee CWE-502
7.2
2025-03-20 CVE-2024-13922 External Control of File Name or Path vulnerability in Webtoffee Order Export & Order Import for Woocommerce
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.6.0.
network
low complexity
webtoffee CWE-73
6.5
2025-03-20 CVE-2024-13923 Server-Side Request Forgery (SSRF) vulnerability in Webtoffee Order Export & Order Import for Woocommerce
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.0 via the validate_file() function.
network
low complexity
webtoffee CWE-918
6.5
2025-01-24 CVE-2025-24644 Cross-site Scripting vulnerability in Webtoffee Woocommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Stored XSS.
network
low complexity
webtoffee CWE-79
4.8
2024-05-17 CVE-2023-51546 Unspecified vulnerability in Webtoffee Woocommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels
Improper Privilege Management vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Privilege Escalation.This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.2.1.
network
low complexity
webtoffee
7.2
2024-03-27 CVE-2024-22288 Unspecified vulnerability in Webtoffee Woocommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Reflected XSS.This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.4.0.
network
low complexity
webtoffee
6.1
2024-03-26 CVE-2024-30231 Unspecified vulnerability in Webtoffee Product Import Export for Woocommerce
Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.This issue affects Product Import Export for WooCommerce: from n/a through 2.4.1.
network
low complexity
webtoffee
7.2
2024-01-24 CVE-2024-22135 Unspecified vulnerability in Webtoffee Order Export & Order Import for Woocommerce
Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Order Export & Order Import for WooCommerce.This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.3.
network
low complexity
webtoffee
7.2
2024-01-24 CVE-2024-22152 Unspecified vulnerability in Webtoffee Product Import Export for Woocommerce
Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.This issue affects Product Import Export for WooCommerce: from n/a through 2.3.7.
network
low complexity
webtoffee
7.2