
WebToffee — Vulnerabilities & Security Advisories (50)

Browse all 50 CVE security advisories affecting WebToffee. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WebToffee operates primarily as a developer of WordPress plugins, focusing on e-commerce solutions, SEO optimization, and digital marketing tools. The company’s software portfolio has been associated with approximately 50 recorded Common Vulnerabilities and Exposures (CVEs), indicating a significant historical security footprint. These vulnerabilities predominantly involve cross-site scripting (XSS), SQL injection, and unauthenticated remote code execution (RCE), often stemming from insufficient input validation and inadequate access controls within plugin architectures. Notable incidents include the exploitation of insecure file upload mechanisms and privilege escalation flaws that allowed low-privileged users to perform administrative actions. The high volume of CVEs suggests systemic issues in code review processes or reliance on third-party libraries without rigorous security auditing. While the specific impact of each incident varies, the pattern highlights critical risks for organizations deploying these plugins without timely patching or security hardening measures.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-32441 | WordPress Comments Import & Export plugin <= 2.4.9 - Broken Access Control vulnerability | Comments Import & Export | CWE-862 | 7.7 | High | 2026-03-25 |
| CVE-2026-22480 | WordPress Product Feed for WooCommerce plugin <= 2.3.3 - PHP Object Injection vulnerability | Product Feed for WooCommerce | CWE-502 | 7.2 | High | 2026-03-25 |
| CVE-2025-67599 | WordPress WebToffee eCommerce Marketing Automation plugin <= 2.1.1 - Broken Access Control vulnerability | WebToffee eCommerce Marketing Automation | CWE-862 | 4.3 | Medium | 2025-12-09 |
| CVE-2025-66112 | WordPress Accessibility Toolkit by WebYes plugin <= 2.0.4 - Broken Access Control vulnerability | Accessibility Toolkit by WebYes | CWE-862 | 4.3 | Medium | 2025-11-21 |
| CVE-2025-66089 | WordPress Product Feed for WooCommerce plugin <= 2.3.1 - Broken Access Control vulnerability | Product Feed for WooCommerce | CWE-862 | 4.3 | Medium | 2025-11-21 |
| CVE-2025-64382 | WordPress Order Export & Order Import for WooCommerce plugin <= 2.6.7 - Broken Access Control vulnerability | Order Export & Order Import for WooCommerce | CWE-862 | 4.3 | Medium | 2025-11-13 |
| CVE-2025-12113 | Alt Text Generator AI – Auto Generate & Bulk Update Alt Texts For Images <= 1.8.3 - Missing Authorization to Authenticated (Subscriber+) API Key Deletion | Alt Text Generator AI – Auto Generate & Bulk Update Alt Texts For Images | CWE-862 | 4.3 | Medium | 2025-11-12 |
| CVE-2025-64358 | WordPress Smart Coupons for WooCommerce plugin <= 2.2.3 - Broken Access Control vulnerability | Smart Coupons for WooCommerce | CWE-862 | 4.3 | Medium | 2025-10-31 |
| CVE-2025-49287 | WordPress Product Feed for WooCommerce plugin <= 2.2.8 - Broken Access Control Vulnerability | Product Feed for WooCommerce | CWE-862 | 4.3 | Medium | 2025-06-06 |
| CVE-2025-3919 | WordPress Comments Import & Export <= 2.4.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting | Comments Import & Export | CWE-79 | 6.4 | Medium | 2025-06-02 |
| CVE-2025-24651 | WordPress WebToffee WP Backup and Migration plugin <= 1.5.3 - Sensitive Data Exposure vulnerability | WordPress Backup & Migration | CWE-532 | 5.9 | Medium | 2025-04-17 |
| CVE-2025-1913 | Product Import Export for WooCommerce <= 2.5.0 - Authenticated (Admin+) PHP Object Injection via form_data Parameter | Product Import Export for WooCommerce – Import Export Product CSV Suite | CWE-502 | 7.2 | High | 2025-03-26 |
| CVE-2025-1911 | Product Import Export for WooCommerce <= 2.5.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function | Product Import Export for WooCommerce – Import Export Product CSV Suite | CWE-73 | 2.7 | Low | 2025-03-26 |
| CVE-2025-1912 | Product Import Export for WooCommerce <= 2.5.0 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function | Product Import Export for WooCommerce – Import Export Product CSV Suite | CWE-918 | 7.6 | High | 2025-03-26 |
| CVE-2025-1769 | Product Import Export for WooCommerce <= 2.5.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function | Product Import Export for WooCommerce – Import Export Product CSV Suite | CWE-22 | 4.9 | Medium | 2025-03-26 |
| CVE-2025-1973 | Export and Import Users and Customers <= 2.6.2 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function | Export and Import Users and Customers | CWE-22 | 4.9 | Medium | 2025-03-22 |
| CVE-2025-1971 | Export and Import Users and Customers <= 2.6.2 - Authenticated (Admin+) PHP Object Injection via form_data Parameter | Export and Import Users and Customers | CWE-502 | 7.2 | High | 2025-03-22 |
| CVE-2025-1970 | Export and Import Users and Customers <= 2.6.2 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function | Export and Import Users and Customers | CWE-918 | 7.6 | High | 2025-03-22 |
| CVE-2025-1972 | Export and Import Users and Customers <= 2.6.2 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function | Export and Import Users and Customers | CWE-73 | 2.7 | Low | 2025-03-22 |
| CVE-2024-13920 | Order Export & Order Import for WooCommerce <= 2.6.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function | Order Export & Order Import for WooCommerce | CWE-22 | 4.9 | Medium | 2025-03-20 |
| CVE-2024-13921 | Order Export & Order Import for WooCommerce <= 2.6.0 - Authenticated (Admin+) PHP Object Injection via form_data Parameter | Order Export & Order Import for WooCommerce | CWE-502 | 7.2 | High | 2025-03-20 |
| CVE-2024-13923 | Order Export & Order Import for WooCommerce <= 2.6.0 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function | Order Export & Order Import for WooCommerce | CWE-918 | 7.6 | High | 2025-03-20 |
| CVE-2024-13922 | Order Export & Order Import for WooCommerce <= 2.6.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function | Order Export & Order Import for WooCommerce | CWE-73 | 2.7 | Low | 2025-03-20 |
| CVE-2025-24657 | WordPress Wishlist for WooCommerce plugin <=2.1.2 - Cross Site Scripting (XSS) vulnerability | Wishlist for WooCommerce | CWE-79 | 5.9 | Medium | 2025-01-24 |
| CVE-2025-24644 | WordPress WooCommerce PDF Invoices plugin <= 4.7.1 - Stored Cross Site Scripting (XSS) vulnerability | WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels | CWE-79 | 5.9 | Medium | 2025-01-24 |
| CVE-2023-45636 | WordPress Backup & Migration plugin <= 1.4.1 - Broken Access Control vulnerability | WordPress Backup & Migration | CWE-862 | 5.4 | Medium | 2025-01-02 |
| CVE-2023-33928 | WordPress WordPress Backup & Migration plugin <= 1.4.0 - Broken Access Control vulnerability | WordPress Backup & Migration | CWE-862 | 4.3 | Medium | 2024-12-13 |
| CVE-2024-7514 | WordPress Comments Import & Export <= 2.3.7 - Authenticated (Author+) Arbitrary File Read via Directory Traversal | Comments Import & Export | CWE-22 | 6.5 | Medium | 2024-10-11 |
| CVE-2023-52183 | WordPress WordPress Backup & Migration plugin <= 1.4.3 - Broken Access Control vulnerability | WordPress Backup & Migration | CWE-862 | 5.4 | Medium | 2024-06-11 |
| CVE-2023-51546 | WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin <= 4.2.1 - Privilege Escalation vulnerability | WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels | CWE-269 | 7.2 | High | 2024-05-17 |

This page lists every published CVE security advisory associated with WebToffee. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.