Vulnerabilities > Webtoffee > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-01-03 CVE-2023-7068 Missing Authorization vulnerability in Webtoffee Woocommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels
The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the print_packinglist action in all versions up to, and including, 4.3.0.
network
low complexity
webtoffee CWE-862
6.5
2023-11-27 CVE-2023-5737 Missing Authorization vulnerability in Webtoffee Backup and Migration
The WordPress Backup & Migration WordPress plugin before 1.4.4 does not authorize some AJAX requests, allowing users with a role as low as Subscriber to update some plugin settings.
network
low complexity
webtoffee CWE-862
4.3
2023-11-27 CVE-2023-5738 Cross-site Scripting vulnerability in Webtoffee Backup and Migration
The WordPress Backup & Migration WordPress plugin before 1.4.4 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks.
network
low complexity
webtoffee CWE-79
5.4