Vulnerabilities in webtoffee

53 results
CVE | Severity | Title | EPSS
CVE-2024-3216 | MEDIUM | WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.4.2 - Missing Authorization to Unauthenticated Settings Reset | EPSS 0.4%
CVE-2024-22288 | HIGH | WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin <= 4.4.0 - Reflected Cross Site Scripting (XSS) vulnerability | EPSS 0.4%
CVE-2023-7068 | MEDIUM | WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.3.0 - Missing Authorization to Order Export | EPSS 0.4%
CVE-2023-4040 | MEDIUM | The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capabilit | EPSS 0.4%
CVE-2025-1970 | HIGH | Export and Import Users and Customers <= 2.6.2 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function | EPSS 0.4%
CVE-2024-0957 | MEDIUM | WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.4.1 - Unauthenticated Stored Cross-Site Scripting | EPSS 0.4%
CVE-2025-1972 | LOW | Export and Import Users and Customers <= 2.6.2 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function | EPSS 0.4%
CVE-2024-13922 | LOW | Order Export & Order Import for WooCommerce <= 2.6.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function | EPSS 0.4%
CVE-2023-52183 | MEDIUM | WordPress WordPress Backup & Migration plugin <= 1.4.3 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2023-45636 | MEDIUM | WordPress Backup & Migration plugin <= 1.4.1 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2025-1911 | LOW | Product Import Export for WooCommerce <= 2.5.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function | EPSS 0.4%
CVE-2024-13923 | HIGH | Order Export & Order Import for WooCommerce <= 2.6.0 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function | EPSS 0.4%
CVE-2024-32835 | MEDIUM | WordPress Export and Import Users and Customers plugin <= 2.5.3 - Deserialization of untrusted data vulnerability | EPSS 0.4%
CVE-2025-24644 | MEDIUM | WordPress WooCommerce PDF Invoices plugin <= 4.7.1 - Stored Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2025-24657 | MEDIUM | WordPress Wishlist for WooCommerce plugin <= 2.1.2 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-32834 | MEDIUM | WordPress WooCommerce Shipping Label plugin <= 2.3.8 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2025-1912 | HIGH | Product Import Export for WooCommerce <= 2.5.0 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function | EPSS 0.3%
CVE-2025-24651 | MEDIUM | WordPress WebToffee WP Backup and Migration plugin <= 1.5.3 - Sensitive Data Exposure vulnerability | EPSS 0.3%
CVE-2023-48284 | MEDIUM | WordPress Decorator – WooCommerce Email Customizer Plugin <= 1.2.7 is vulnerable to Cross Site Request Forgery (CSRF) | EPSS 0.3%
CVE-2026-49056 | HIGH | WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin <= 4.9.4 - Sensitive Data Exposure vulnerability | EPSS 0.3%