Vulnerabilities > Webtoffee
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-27 | CVE-2023-5738 | Cross-site Scripting vulnerability in Webtoffee Backup and Migration The WordPress Backup & Migration WordPress plugin before 1.4.4 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks. | 5.4 |
| 2023-11-07 | CVE-2022-45370 | Unspecified vulnerability in Webtoffee Wordpress Comments Import and Export Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a through 2.3.1. | 9.8 |
| 2023-11-07 | CVE-2022-46802 | Unspecified vulnerability in Webtoffee Product Reviews Import Export for Woocommerce Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee Product Reviews Import Export for WooCommerce.This issue affects Product Reviews Import Export for WooCommerce: from n/a through 1.4.8. | 9.8 |
| 2020-04-23 | CVE-2020-12074 | Improper Privilege Management vulnerability in Webtoffee Import Export Wordpress Users The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV. | 8.8 |
| 2019-08-23 | CVE-2019-15092 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Webtoffee Import Export Wordpress Users The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class. | 7.3 |
| 2018-06-19 | CVE-2018-11526 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Webtoffee Wordpress Comments Import and Export The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection. | 7.8 |