← Back

Webtoffee

webtoffee

37 CVEs • 10 products

Products (10)

Click to collapse
Toggle
Import Export Wordpress Users
import_export_wordpress_users
8 CVEs
Woocommerce Pdf Invoices, Packing Slips, Delivery Notes And Shipping Labels
woocommerce_pdf_invoices,_packing_slips,_delivery_notes_and_shipping_labels
6 CVEs
Product Import Export For Woocommerce
product_import_export_for_woocommerce
6 CVEs
Order Export & Order Import For Woocommerce
order_export_&_order_import_for_woocommerce
5 CVEs
Stripe Payment Plugin For Woocommerce
stripe_payment_plugin_for_woocommerce
3 CVEs
Backup And Migration
backup_and_migration
3 CVEs
Wordpress Comments Import And Export
wordpress_comments_import_and_export
2 CVEs
Gdpr Cookie Consent
gdpr_cookie_consent
2 CVEs
Product Reviews Import Export For Woocommerce
product_reviews_import_export_for_woocommerce
1 CVE
Decorator
decorator
1 CVE

CVEs (37)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-0957
1Webtoffee
1Woocommerce Pdf Invoices, Packing Slips, Delivery Notes And Shipping Labels
Apr 8, 2026
Mar 22, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Customer Notes field in all versions up to, and including, 4.4.1 d...Show more
The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Customer Notes field in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected invoice for printing.Show less
CVE-2024-22152
1Webtoffee
1Product Import Export For Woocommerce
Apr 28, 2026
Jan 24, 2024
N/A· v4
7.2 HIGH· v3
N/A· v2
Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.This issue affects Product Import Export for WooCommerce: from n/a through 2.3.7.
CVE-2024-22135
1Webtoffee
1Order Export & Order Import For Woocommerce
Apr 28, 2026
Jan 24, 2024
N/A· v4
7.2 HIGH· v3
N/A· v2
Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Order Export & Order Import for WooCommerce.This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.3.
CVE-2024-0705
1Webtoffee
1Stripe Payment Plugin For Woocommerce
Apr 8, 2026
Jan 19, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.7.9 due to insufficient escaping on the user supplied parameter...Show more
The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.Show less
CVE-2023-6558
1Webtoffee
1Import Export Wordpress Users
Apr 8, 2026
Jan 11, 2024
N/A· v4
7.2 HIGH· v3
N/A· v2
The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_import_file' function in versions up to, and including, 2.4.8...Show more
The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_import_file' function in versions up to, and including, 2.4.8. This makes it possible for authenticated attackers with shop manager-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.Show less
CVE-2023-7068
1Webtoffee
1Woocommerce Pdf Invoices, Packing Slips, Delivery Notes And Shipping Labels
Apr 8, 2026
Jan 3, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on theprint_packinglist action in all ve...Show more
The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on theprint_packinglist action in all versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to export orders which can contain sensitive information.Show less
CVE-2023-48284
1Webtoffee
1Decorator
Apr 28, 2026
Nov 30, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in WebToffee Decorator – WooCommerce Email Customizer allows Cross Site Request Forgery.This issue affects Decorator – WooCommerce Email Customizer: from n/a through 1.2.7.
CVE-2023-5738
1Webtoffee
1Backup And Migration
Nov 21, 2024
Nov 27, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The WordPress Backup & Migration WordPress plugin before 1.4.4 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks.
CVE-2023-5737
1Webtoffee
1Backup And Migration
Nov 21, 2024
Nov 27, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The WordPress Backup & Migration WordPress plugin before 1.4.4 does not authorize some AJAX requests, allowing users with a role as low as Subscriber to update some plugin settings.
CVE-2022-45370
1Webtoffee
1Wordpress Comments Import And Export
Apr 28, 2026
Nov 7, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a through 2.3.1.
CVE-2022-46802
1Webtoffee
1Product Reviews Import Export For Woocommerce
Apr 28, 2026
Nov 7, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee Product Reviews Import Export for WooCommerce.This issue affects Product Reviews Import Export for WooCommerce: from n/a through 1.4.8.
CVE-2023-3162
1Webtoffee
1Stripe Payment Plugin For Woocommerce
Apr 8, 2026
Aug 31, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.7.7. This is due to insufficient verification on the user being supplied during a...Show more
The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.7.7. This is due to insufficient verification on the user being supplied during a Stripe checkout through the plugin. This allows unauthenticated attackers to log in as users who have orders, who are typically customers.Show less
CVE-2023-4040
1Webtoffee
1Stripe Payment Plugin For Woocommerce
Nov 21, 2024
Aug 18, 2023
N/A· v4
5.3 MEDIUM· v3
N/A· v2
The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_callback_handler function in versions up to, and including, 3....Show more
The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_callback_handler function in versions up to, and including, 3.7.9. This makes it possible for unauthenticated attackers to modify the order status of arbitrary WooCommerce orders.Show less
CVE-2023-3459
1Webtoffee
1Import Export Wordpress Users
Apr 8, 2026
Jul 18, 2023
N/A· v4
7.2 HIGH· v3
N/A· v2
The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hf_update_customer' function called via an AJAX action in versio...Show more
The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hf_update_customer' function called via an AJAX action in versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with shop manager-level permissions to change user passwords and potentially take over administrator accounts.Show less
CVE-2020-12074
1Webtoffee
1Import Export Wordpress Users
Nov 21, 2024
Apr 23, 2020
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV.
CVE-2019-15092
1Webtoffee
1Import Export Wordpress Users
Nov 21, 2024
Aug 23, 2019
N/A· v4
7.3 HIGH· v3
6.0 MEDIUM· v2
The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by th...Show more
The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class.Show less
CVE-2018-11526
1Webtoffee
1Wordpress Comments Import And Export
Nov 21, 2024
Jun 19, 2018
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection.