WebToffee — Vulnerabilities & Security Advisories 50

Browse all 50 CVE security advisories affecting WebToffee. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-32441 | WordPress Comments Import & Export plugin <= 2.4.9 - Broken Access Control vulnerability | Comments Import & Export | CWE-862 | 8.2 | - | 2026-03-25 |
| CVE-2026-22480 | WordPress Product Feed for WooCommerce plugin <= 2.3.3 - PHP Object Injection vulnerability | Product Feed for WooCommerce | CWE-502 | 7.2 | High | 2026-03-25 |
| CVE-2025-67599 | WordPress WebToffee eCommerce Marketing Automation plugin <= 2.1.1 - Broken Access Control vulnerability | WebToffee eCommerce Marketing Automation | CWE-862 | 9.1 (AI) | Critical (AI) | 2025-12-09 |
| CVE-2025-66112 | WordPress Accessibility Toolkit by WebYes plugin <= 2.0.4 - Broken Access Control vulnerability | Accessibility Toolkit by WebYes | CWE-862 | 9.1 | - | 2025-11-21 |
| CVE-2025-66089 | WordPress Product Feed for WooCommerce plugin <= 2.3.1 - Broken Access Control vulnerability | Product Feed for WooCommerce | CWE-862 | 4.3 | Medium | 2025-11-21 |
| CVE-2025-64382 | WordPress Order Export & Order Import for WooCommerce plugin <= 2.6.7 - Broken Access Control vulnerability | Order Export & Order Import for WooCommerce | CWE-862 | 9.1 | - | 2025-11-13 |
| CVE-2025-12113 | Alt Text Generator AI – Auto Generate & Bulk Update Alt Texts For Images <= 1.8.3 - Missing Authorization to Authenticated (Subscriber+) API Key Deletion | Alt Text Generator AI – Auto Generate & Bulk Update Alt Texts For Images | CWE-862 | 4.3 | Medium | 2025-11-12 |
| CVE-2025-64358 | WordPress Smart Coupons for WooCommerce plugin <= 2.2.3 - Broken Access Control vulnerability | Smart Coupons for WooCommerce | CWE-862 | 4.3 | Medium | 2025-10-31 |
| CVE-2025-49287 | WordPress Product Feed for WooCommerce plugin <= 2.2.8 - Broken Access Control Vulnerability | Product Feed for WooCommerce | CWE-862 | 4.3 | Medium | 2025-06-06 |
| CVE-2025-3919 | WordPress Comments Import & Export <= 2.4.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting | Comments Import & Export | CWE-79 | 6.4 | Medium | 2025-06-02 |
| CVE-2025-24651 | WordPress WebToffee WP Backup and Migration plugin <= 1.5.3 - Sensitive Data Exposure vulnerability | WordPress Backup & Migration | CWE-532 | 7.5 (AI) | High (AI) | 2025-04-17 |
| CVE-2025-1913 | Product Import Export for WooCommerce <= 2.5.0 - Authenticated (Admin+) PHP Object Injection via form_data Parameter | Product Import Export for WooCommerce – Import Export Product CSV Suite | CWE-502 | 7.2 | High | 2025-03-26 |
| CVE-2025-1911 | Product Import Export for WooCommerce <= 2.5.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function | Product Import Export for WooCommerce – Import Export Product CSV Suite | CWE-73 | 2.7 | Low | 2025-03-26 |
| CVE-2025-1912 | Product Import Export for WooCommerce <= 2.5.0 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function | Product Import Export for WooCommerce – Import Export Product CSV Suite | CWE-918 | 7.6 | High | 2025-03-26 |
| CVE-2025-1769 | Product Import Export for WooCommerce <= 2.5.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function | Product Import Export for WooCommerce – Import Export Product CSV Suite | CWE-22 | 4.9 | Medium | 2025-03-26 |
| CVE-2025-1973 | Export and Import Users and Customers <= 2.6.2 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function | Export and Import Users and Customers | CWE-22 | 4.9 | Medium | 2025-03-22 |
| CVE-2025-1971 | Export and Import Users and Customers <= 2.6.2 - Authenticated (Admin+) PHP Object Injection via form_data Parameter | Export and Import Users and Customers | CWE-502 | 7.2 | High | 2025-03-22 |
| CVE-2025-1970 | Export and Import Users and Customers <= 2.6.2 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function | Export and Import Users and Customers | CWE-918 | 7.6 | High | 2025-03-22 |
| CVE-2025-1972 | Export and Import Users and Customers <= 2.6.2 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function | Export and Import Users and Customers | CWE-73 | 2.7 | Low | 2025-03-22 |
| CVE-2024-13920 | Order Export & Order Import for WooCommerce <= 2.6.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function | Order Export & Order Import for WooCommerce | CWE-22 | 4.9 | Medium | 2025-03-20 |
| CVE-2024-13921 | Order Export & Order Import for WooCommerce <= 2.6.0 - Authenticated (Admin+) PHP Object Injection via form_data Parameter | Order Export & Order Import for WooCommerce | CWE-502 | 7.2 | High | 2025-03-20 |
| CVE-2024-13923 | Order Export & Order Import for WooCommerce <= 2.6.0 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function | Order Export & Order Import for WooCommerce | CWE-918 | 7.6 | High | 2025-03-20 |
| CVE-2024-13922 | Order Export & Order Import for WooCommerce <= 2.6.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function | Order Export & Order Import for WooCommerce | CWE-73 | 2.7 | Low | 2025-03-20 |
| CVE-2025-24657 | WordPress Wishlist for WooCommerce plugin <=2.1.2 - Cross Site Scripting (XSS) vulnerability | Wishlist for WooCommerce | CWE-79 | 5.9 | Medium | 2025-01-24 |
| CVE-2025-24644 | WordPress WooCommerce PDF Invoices plugin <= 4.7.1 - Stored Cross Site Scripting (XSS) vulnerability | WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels | CWE-79 | 5.9 | Medium | 2025-01-24 |
| CVE-2023-45636 | WordPress Backup & Migration plugin <= 1.4.1 - Broken Access Control vulnerability | WordPress Backup & Migration | CWE-862 | 9.1 | - | 2025-01-02 |
| CVE-2023-33928 | WordPress WordPress Backup & Migration plugin <= 1.4.0 - Broken Access Control vulnerability | WordPress Backup & Migration | CWE-862 | 4.3 | Medium | 2024-12-13 |
| CVE-2024-7514 | WordPress Comments Import & Export <= 2.3.7 - Authenticated (Author+) Arbitrary File Read via Directory Traversal | Comments Import & Export | CWE-22 | 6.5 | Medium | 2024-10-11 |
| CVE-2023-52183 | WordPress WordPress Backup & Migration plugin <= 1.4.3 - Broken Access Control vulnerability | WordPress Backup & Migration | CWE-862 | 5.4 | Medium | 2024-06-11 |
| CVE-2023-51546 | WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin <= 4.2.1 - Privilege Escalation vulnerability | WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels | CWE-269 | 7.2 | High | 2024-05-17 |

This page lists every published CVE security advisory associated with WebToffee. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.