Vulnerabilities > Webtoffee > Order Export Order Import FOR Woocommerce > 2.4.4

DATE	CVE	VULNERABILITY TITLE	RISK
2025-03-20	CVE-2024-13920	Path Traversal vulnerability in Webtoffee Order Export & Order Import for Woocommerce The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.0 via the download_file() function. network low complexity webtoffee CWE-22	4.9
2025-03-20	CVE-2024-13921	Deserialization of Untrusted Data vulnerability in Webtoffee Order Export & Order Import for Woocommerce The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.0 via deserialization of untrusted input from the 'form_data' parameter. network low complexity webtoffee CWE-502	7.2
2025-03-20	CVE-2024-13922	External Control of File Name or Path vulnerability in Webtoffee Order Export & Order Import for Woocommerce The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.6.0. network low complexity webtoffee CWE-73	6.5
2025-03-20	CVE-2024-13923	Server-Side Request Forgery (SSRF) vulnerability in Webtoffee Order Export & Order Import for Woocommerce The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.0 via the validate_file() function. network low complexity webtoffee CWE-918	6.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.