Vulnerabilities in webtoffee
53 resultsCVE-2023-6558HIGHExport and Import Users and Customers <= 2.4.8 - Authenticated (Shop Manager+) Arbitrary File UploadEPSS 1.4%CVE-2024-7514MEDIUMWordPress Comments Import & Export <= 2.3.7 - Authenticated (Author+) Arbitrary File Read via Directory TraversalEPSS 1.0%CVE-2022-45370MEDIUMWordPress WordPress Comments Import & Export Plugin <= 2.3.1 is vulnerable to CSV InjectionEPSS 0.8%CVE-2025-1913HIGHProduct Import Export for WooCommerce <= 2.5.0 - Authenticated (Admin+) PHP Object Injection via form_data ParameterEPSS 0.8%CVE-2025-1769MEDIUMProduct Import Export for WooCommerce <= 2.5.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file FunctionEPSS 0.8%CVE-2023-3459HIGHExport and Import Users and Customers <= 2.4.1 - Missing Authorization to Authenticated (Shop Manager) Arbitrary User Password ChangeEPSS 0.7%CVE-2024-13920MEDIUMOrder Export & Order Import for WooCommerce <= 2.6.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file FunctionEPSS 0.7%CVE-2022-46802MEDIUMWordPress Product Reviews Import Export for WooCommerce Plugin <= 1.4.8 is vulnerable to CSV InjectionEPSS 0.7%CVE-2025-1973MEDIUMExport and Import Users and Customers <= 2.6.2 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file FunctionEPSS 0.7%CVE-2025-1971HIGHExport and Import Users and Customers <= 2.6.2 - Authenticated (Admin+) PHP Object Injection via form_data ParameterEPSS 0.7%CVE-2024-13921HIGHOrder Export & Order Import for WooCommerce <= 2.6.0 - Authenticated (Admin+) PHP Object Injection via form_data ParameterEPSS 0.6%CVE-2023-51546HIGHWordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin <= 4.2.1 - Privilege Escalation vulnerabilityEPSS 0.6%CVE-2024-30231CRITICALWordPress Product Import Export for WooCommerce plugin <= 2.4.1 - Arbitrary File Upload vulnerabilityEPSS 0.6%CVE-2024-22135HIGHWordPress Order Export & Order Import for WooCommerce Plugin <= 2.4.3 is vulnerable to Arbitrary File UploadEPSS 0.5%CVE-2024-22152HIGHWordPress Product Import Export for WooCommerce Plugin <= 2.3.7 is vulnerable to Arbitrary File UploadEPSS 0.5%CVE-2024-30492MEDIUMWordPress Export and Import Users and Customers plugin <= 2.5.2 - Path Traversal vulnerabilityEPSS 0.5%CVE-2026-22480HIGHWordPress Product Feed for WooCommerce plugin <= 2.3.3 - PHP Object Injection vulnerabilityEPSS 0.5%CVE-2023-33928MEDIUMWordPress WordPress Backup & Migration plugin <= 1.4.0 - Broken Access Control vulnerabilityEPSS 0.5%CVE-2024-3546MEDIUMWordPress Backup & Migration <= 1.4.8 - Missing Authorization to Directory TraversalEPSS 0.5%CVE-2024-31254LOWWordPress WordPress Backup & Migration plugin <= 1.4.7 - Sensitive Data Exposure via Log File vulnerabilityEPSS 0.5%