Vulnerabilities > Webtoffee

DATE CVE VULNERABILITY TITLE RISK
2023-08-31 CVE-2023-3162 Unspecified vulnerability in Webtoffee Stripe Payment Plugin for Woocommerce
The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.7.7.
network
low complexity
webtoffee
critical
9.8
2023-08-18 CVE-2023-4040 Unspecified vulnerability in Webtoffee Stripe Payment Plugin for Woocommerce
The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_callback_handler function in versions up to, and including, 3.7.9.
network
low complexity
webtoffee
5.3
2023-07-18 CVE-2023-3459 Unspecified vulnerability in Webtoffee Import Export Wordpress Users
The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hf_update_customer' function called via an AJAX action in versions up to, and including, 2.4.1.
network
low complexity
webtoffee
7.2
2020-04-23 CVE-2020-12074 Improper Privilege Management vulnerability in Webtoffee Import Export Wordpress Users
The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV.
network
low complexity
webtoffee CWE-269
8.8
2019-08-23 CVE-2019-15092 Improper Neutralization of Formula Elements in a CSV File vulnerability in Webtoffee Import Export Wordpress Users
The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class.
local
low complexity
webtoffee CWE-1236
7.3
2018-06-19 CVE-2018-11526 Improper Neutralization of Formula Elements in a CSV File vulnerability in Webtoffee Wordpress Comments Import and Export
The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection.
local
low complexity
webtoffee CWE-1236
7.8