ReportizFlow
Filtered by vendor Webtoffee
Subscriptions
Total
46 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-32441 | 2 Webtoffee, Wordpress | 2 Wordpress Comments Import And Export, Wordpress | 2026-04-29 | 7.7 High |
| Missing Authorization vulnerability in WebToffee Comments Import & Export comments-import-export-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comments Import & Export: from n/a through <= 2.4.9. | ||||
| CVE-2024-30231 | 2 Webtoffee, Wordpress | 2 Product Import Export For Woocommerce, Wordpress | 2026-04-28 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.This issue affects Product Import Export for WooCommerce: from n/a through 2.4.1. | ||||
| CVE-2022-46802 | 1 Webtoffee | 1 Product Reviews Import Export For Woocommerce | 2026-04-28 | 6.1 Medium |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee Product Reviews Import Export for WooCommerce.This issue affects Product Reviews Import Export for WooCommerce: from n/a through 1.4.8. | ||||
| CVE-2022-45370 | 1 Webtoffee | 1 Wordpress Comments Import And Export | 2026-04-28 | 6.1 Medium |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a through 2.3.1. | ||||
| CVE-2024-31254 | 1 Webtoffee | 1 Backup And Migration | 2026-04-28 | 3.7 Low |
| Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration.This issue affects WordPress Backup & Migration: from n/a through 1.4.7. | ||||
| CVE-2024-30492 | 1 Webtoffee | 1 Import Export Wordpress Users | 2026-04-28 | 4.3 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebToffee Import Export WordPress Users.This issue affects Import Export WordPress Users: from n/a through 2.5.2. | ||||
| CVE-2024-22288 | 1 Webtoffee | 1 Woocommerce Pdf Invoices\, Packing Slips\, Delivery Notes And Shipping Labels | 2026-04-28 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Reflected XSS.This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.4.0. | ||||
| CVE-2024-22152 | 1 Webtoffee | 1 Product Import Export For Woocommerce | 2026-04-28 | 8 High |
| Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.This issue affects Product Import Export for WooCommerce: from n/a through 2.3.7. | ||||
| CVE-2024-22135 | 1 Webtoffee | 1 Order Export \& Order Import For Woocommerce | 2026-04-28 | 8 High |
| Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Order Export & Order Import for WooCommerce.This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.3. | ||||
| CVE-2023-48284 | 1 Webtoffee | 1 Decorator | 2026-04-28 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WebToffee Decorator – WooCommerce Email Customizer allows Cross Site Request Forgery.This issue affects Decorator – WooCommerce Email Customizer: from n/a through 1.2.7. | ||||
| CVE-2026-22480 | 2 Webtoffee, Wordpress | 2 Product Feed For Woocommerce, Wordpress | 2026-04-24 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Object Injection.This issue affects Product Feed for WooCommerce: from n/a through <= 2.3.3. | ||||
| CVE-2025-66089 | 3 Webtoffee, Woocommerce, Wordpress | 3 Product Feed For Woocommerce, Woocommerce, Wordpress | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Feed for WooCommerce: from n/a through <= 2.3.1. | ||||
| CVE-2025-64358 | 3 Webtoffee, Woocommerce, Wordpress | 3 Smart Coupons For Woocommerce, Woocommerce, Wordpress | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in WebToffee Smart Coupons for WooCommerce wt-smart-coupons-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Coupons for WooCommerce: from n/a through <= 2.2.3. | ||||
| CVE-2025-24644 | 1 Webtoffee | 1 Woocommerce Pdf Invoices\, Packing Slips\, Delivery Notes And Shipping Labels | 2026-04-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels print-invoices-packing-slip-labels-for-woocommerce allows Stored XSS.This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through <= 4.7.1. | ||||
| CVE-2025-1972 | 1 Webtoffee | 1 Import Export Wordpress Users | 2026-04-22 | 2.7 Low |
| The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.6.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary log files on the server. | ||||
| CVE-2025-1973 | 1 Webtoffee | 1 Import Export Wordpress Users | 2026-04-22 | 4.9 Medium |
| The Export and Import Users and Customers plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.6.2 via the download_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary log files on the server, which can contain sensitive information. | ||||
| CVE-2025-1971 | 1 Webtoffee | 1 Import Export Wordpress Users | 2026-04-22 | 7.2 High |
| The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'form_data' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. | ||||
| CVE-2025-1970 | 1 Webtoffee | 1 Import Export Wordpress Users | 2026-04-22 | 7.6 High |
| The Export and Import Users and Customers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.2 via the validate_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||||
| CVE-2025-1769 | 1 Webtoffee | 1 Product Import Export For Woocommerce | 2026-04-22 | 4.9 Medium |
| The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.5.0 via the download_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary log files on the server, which can contain sensitive information. | ||||
| CVE-2025-1912 | 1 Webtoffee | 1 Product Import Export For Woocommerce | 2026-04-22 | 7.6 High |
| The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the validate_file() Function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||||