Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webtoffee vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2023-6558
The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_import_file' function in versions up to, and including, 2.4.8. This makes it possible for authenticated attacke...
Webtoffee Import Export Wordpress Users
6.5
CVSSv3
CVE-2023-7068
The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on theprint_packinglist action in all versions up to, and including, 4.3.0. This makes it possible f...
Webtoffee Woocommerce Pdf Invoices\\, Packing Slips\\, Delivery Notes And Shipping Labels
8.8
CVSSv3
CVE-2023-48284
Cross-Site Request Forgery (CSRF) vulnerability in WebToffee Decorator – WooCommerce Email Customizer allows Cross Site Request Forgery.This issue affects Decorator – WooCommerce Email Customizer: from n/a up to and including 1.2.7.
Webtoffee Decorator
5.4
CVSSv3
CVE-2023-5738
The WordPress Backup & Migration WordPress plugin prior to 1.4.4 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks.
Webtoffee Backup And Migration
4.3
CVSSv3
CVE-2023-5737
The WordPress Backup & Migration WordPress plugin prior to 1.4.4 does not authorize some AJAX requests, allowing users with a role as low as Subscriber to update some plugin settings.
Webtoffee Backup And Migration
9.8
CVSSv3
CVE-2022-45370
Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a up to and including 2.3.1.
Webtoffee Wordpress Comments Import And Export
9.8
CVSSv3
CVE-2022-46802
Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee Product Reviews Import Export for WooCommerce.This issue affects Product Reviews Import Export for WooCommerce: from n/a up to and including 1.4.8.
Webtoffee Product Reviews Import Export For Woocommerce
9.8
CVSSv3
CVE-2023-3162
The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.7.7. This is due to insufficient verification on the user being supplied during a Stripe checkout through the plugin. This allows unauthentica...
Webtoffee Stripe Payment Plugin For Woocommerce
5.3
CVSSv3
CVE-2023-4040
The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_callback_handler function in versions up to, and including, 3.7.9. This makes it possible for unauthenticated malicious us...
Webtoffee Stripe Payment Plugin For Woocommerce
7.2
CVSSv3
CVE-2023-3459
The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hf_update_customer' function called via an AJAX action in versions up to, and including, 2.4.1. This makes it poss...
Webtoffee Import Export Wordpress Users
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-26978
CVE-2024-26982
wireless
CVE-2023-6949
CVE-2024-26980
CVE-2024-32766
CVE-2024-26939
cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »