Vulnerabilities > Webtoffee
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-31 | CVE-2023-3162 | Unspecified vulnerability in Webtoffee Stripe Payment Plugin for Woocommerce The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.7.7. | 9.8 |
| 2023-08-18 | CVE-2023-4040 | Unspecified vulnerability in Webtoffee Stripe Payment Plugin for Woocommerce The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_callback_handler function in versions up to, and including, 3.7.9. | 5.3 |
| 2023-07-18 | CVE-2023-3459 | Unspecified vulnerability in Webtoffee Import Export Wordpress Users The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hf_update_customer' function called via an AJAX action in versions up to, and including, 2.4.1. | 7.2 |
| 2020-04-23 | CVE-2020-12074 | Improper Privilege Management vulnerability in Webtoffee Import Export Wordpress Users The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV. | 8.8 |
| 2019-08-23 | CVE-2019-15092 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Webtoffee Import Export Wordpress Users The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class. | 7.3 |
| 2018-06-19 | CVE-2018-11526 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Webtoffee Wordpress Comments Import and Export The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection. | 7.8 |