Vulnerabilities > Webtoffee > Order Export Order Import FOR Woocommerce > 1.6.1

DATE CVE VULNERABILITY TITLE RISK
2025-03-20 CVE-2024-13920 Path Traversal vulnerability in Webtoffee Order Export & Order Import for Woocommerce
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.0 via the download_file() function.
network
low complexity
webtoffee CWE-22
4.9
4.9
2025-03-20 CVE-2024-13921 Deserialization of Untrusted Data vulnerability in Webtoffee Order Export & Order Import for Woocommerce
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.0 via deserialization of untrusted input from the 'form_data' parameter.
network
low complexity
webtoffee CWE-502
7.2
7.2
2025-03-20 CVE-2024-13922 External Control of File Name or Path vulnerability in Webtoffee Order Export & Order Import for Woocommerce
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.6.0.
network
low complexity
webtoffee CWE-73
6.5
6.5
2025-03-20 CVE-2024-13923 Server-Side Request Forgery (SSRF) vulnerability in Webtoffee Order Export & Order Import for Woocommerce
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.0 via the validate_file() function.
network
low complexity
webtoffee CWE-918
6.5
6.5
2024-01-24 CVE-2024-22135 Unspecified vulnerability in Webtoffee Order Export & Order Import for Woocommerce
Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Order Export & Order Import for WooCommerce.This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.3.
network
low complexity
webtoffee
7.2
7.2