4:["$","div",null,{"className":"wrap","children":[["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"CollectionPage\",\"name\":\"Vulnerabilities in webtoffee\",\"url\":\"https://vexday.io/en/vendor/webtoffee\",\"isPartOf\":{\"@type\":\"WebSite\",\"name\":\"Vexday\",\"url\":\"https://vexday.io\"},\"mainEntity\":{\"@type\":\"ItemList\",\"numberOfItems\":53},\"breadcrumb\":{\"@type\":\"BreadcrumbList\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https://vexday.io/en\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Technologies\",\"item\":\"https://vexday.io/en/vendors\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"webtoffee\"}]}}"}}],["$","nav",null,{"className":"crumbs","children":[["$","$La",null,{"href":"/en","children":"Home"}]," ",["$","span",null,{"children":"/"}]," ",["$","$La",null,{"href":"/en/vendors","children":"Technologies"}]," ",["$","span",null,{"children":"/"}]," ",["$","b",null,{"children":"webtoffee"}]]}],["$","div",null,{"className":"sec-head","style":{"marginTop":18},"children":[["$","h1",null,{"style":{"fontSize":"1.7rem","margin":0,"fontFamily":"var(--font-display)","fontWeight":700},"children":["Vulnerabilities in"," ",["$","span",null,{"style":{"color":"var(--orange)"},"children":"webtoffee"}]]}],["$","span",null,{"className":"t","children":["53"," ","results"]}]]}],["$","div",null,{"className":"list","children":[["$","$La","CVE-2026-45438",{"className":"item","href":"/en/cve/CVE-2026-45438","children":[["$","span",null,{"className":"cid","children":"CVE-2026-45438"}],["$","span",null,{"className":"sevtag HIGH","children":"HIGH"}],["$","span",null,{"className":"tt2","children":"WordPress Smart Coupons for WooCommerce plugin < 2.3.0 - Broken Access Control vulnerability"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.3%"}]]}],false]}]]}],["$","$La","CVE-2026-32441",{"className":"item","href":"/en/cve/CVE-2026-32441","children":[["$","span",null,{"className":"cid","children":"CVE-2026-32441"}],["$","span",null,{"className":"sevtag HIGH","children":"HIGH"}],["$","span",null,{"className":"tt2","children":"WordPress Comments Import & Export plugin <= 2.4.9 - Broken Access Control vulnerability"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.3%"}]]}],false]}]]}],["$","$La","CVE-2025-49287",{"className":"item","href":"/en/cve/CVE-2025-49287","children":[["$","span",null,{"className":"cid","children":"CVE-2025-49287"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"WordPress Product Feed for WooCommerce plugin <= 2.2.8 - Broken Access Control Vulnerability"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.3%"}]]}],false]}]]}],["$","$La","CVE-2024-34751",{"className":"item","href":"/en/cve/CVE-2024-34751","children":[["$","span",null,{"className":"cid","children":"CVE-2024-34751"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"WordPress Order Export & Order Import for WooCommerce plugin <= 2.4.9 - PHP Object Injection vulnerability"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.2%"}]]}],false]}]]}],["$","$La","CVE-2025-3919",{"className":"item","href":"/en/cve/CVE-2025-3919","children":[["$","span",null,{"className":"cid","children":"CVE-2025-3919"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"WordPress Comments Import & Export <= 2.4.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.2%"}]]}],false]}]]}],["$","$La","CVE-2026-48971",{"className":"item","href":"/en/cve/CVE-2026-48971","children":[["$","span",null,{"className":"cid","children":"CVE-2026-48971"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"WordPress Product Import Export for WooCommerce plugin <= 2.5.6 - Broken Access Control vulnerability"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.2%"}]]}],false]}]]}],["$","$La","CVE-2024-31235",{"className":"item","href":"/en/cve/CVE-2024-31235","children":[["$","span",null,{"className":"cid","children":"CVE-2024-31235"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"WordPress Comments Import & Export plugin <= 2.3.5 - Cross Site Request Forgery (CSRF) vulnerability"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.2%"}]]}],false]}]]}],["$","$La","CVE-2025-64358",{"className":"item","href":"/en/cve/CVE-2025-64358","children":[["$","span",null,{"className":"cid","children":"CVE-2025-64358"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"WordPress Smart Coupons for WooCommerce plugin <= 2.2.3 - Broken Access Control vulnerability"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.2%"}]]}],false]}]]}],["$","$La","CVE-2025-66112",{"className":"item","href":"/en/cve/CVE-2025-66112","children":[["$","span",null,{"className":"cid","children":"CVE-2025-66112"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"WordPress Accessibility Toolkit by WebYes plugin <= 2.0.4 - Broken Access Control vulnerability"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.2%"}]]}],false]}]]}],["$","$La","CVE-2025-66089",{"className":"item","href":"/en/cve/CVE-2025-66089","children":[["$","span",null,{"className":"cid","children":"CVE-2025-66089"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"WordPress Product Feed for WooCommerce plugin <= 2.3.1 - Broken Access Control vulnerability"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.2%"}]]}],false]}]]}],["$","$La","CVE-2025-64382",{"className":"item","href":"/en/cve/CVE-2025-64382","children":[["$","span",null,{"className":"cid","children":"CVE-2025-64382"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"WordPress Order Export & Order Import for WooCommerce plugin <= 2.6.7 - Broken Access Control vulnerability"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.2%"}]]}],false]}]]}],["$","$La","CVE-2025-67599",{"className":"item","href":"/en/cve/CVE-2025-67599","children":[["$","span",null,{"className":"cid","children":"CVE-2025-67599"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"WordPress WebToffee eCommerce Marketing Automation plugin <= 2.1.1 - Broken Access Control vulnerability"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.2%"}]]}],false]}]]}],["$","$La","CVE-2025-12113",{"className":"item","href":"/en/cve/CVE-2025-12113","children":[["$","span",null,{"className":"cid","children":"CVE-2025-12113"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"Alt Text Generator AI – Auto Generate & Bulk Update Alt Texts For Images <= 1.8.3 - Missing Authorization to Authenticated (Subscriber+) API Key Deletion"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.2%"}]]}],false]}]]}]]}],["$","div",null,{"className":"pagination","children":[["$","$La",null,{"href":"?page=2","children":"← previous"}],["$","span",null,{"className":"pgnum","children":["page"," ","3"," / ","3"]}],["$","span",null,{"className":"off","children":"next →"}]]}]]}]