Vulnerabilities > Webtoffee > Order Export Order Import FOR Woocommerce > 2.4.4

DATE CVE VULNERABILITY TITLE RISK
2025-03-20 CVE-2024-13920 Path Traversal vulnerability in Webtoffee Order Export & Order Import for Woocommerce
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.0 via the download_file() function.
network
low complexity
webtoffee CWE-22
4.9
2025-03-20 CVE-2024-13921 Deserialization of Untrusted Data vulnerability in Webtoffee Order Export & Order Import for Woocommerce
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.0 via deserialization of untrusted input from the 'form_data' parameter.
network
low complexity
webtoffee CWE-502
7.2
2025-03-20 CVE-2024-13922 External Control of File Name or Path vulnerability in Webtoffee Order Export & Order Import for Woocommerce
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.6.0.
network
low complexity
webtoffee CWE-73
6.5
2025-03-20 CVE-2024-13923 Server-Side Request Forgery (SSRF) vulnerability in Webtoffee Order Export & Order Import for Woocommerce
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.0 via the validate_file() function.
network
low complexity
webtoffee CWE-918
6.5