
WebToffee — Vulnerabilities & Security Advisories (50)

Browse all 50 CVE security advisories affecting WebToffee. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WebToffee operates primarily as a developer of WordPress plugins, focusing on e-commerce solutions, SEO optimization, and digital marketing tools. The company’s software portfolio has been associated with approximately 50 recorded Common Vulnerabilities and Exposures (CVEs), indicating a significant historical security footprint. These vulnerabilities predominantly involve cross-site scripting (XSS), SQL injection, and unauthenticated remote code execution (RCE), often stemming from insufficient input validation and inadequate access controls within plugin architectures. Notable incidents include the exploitation of insecure file upload mechanisms and privilege escalation flaws that allowed low-privileged users to perform administrative actions. The high volume of CVEs suggests systemic issues in code review processes or reliance on third-party libraries without rigorous security auditing. While the specific impact of each incident varies, the pattern highlights critical risks for organizations deploying these plugins without timely patching or security hardening measures.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-34751 | WordPress Order Export & Order Import for WooCommerce plugin <= 2.4.9 - PHP Object Injection vulnerability — Order Export & Order Import for WooCommerce | CWE-502 | 4.4 | Medium | 2024-05-16 |
| CVE-2024-3546 | WordPress Backup & Migration <= 1.4.8 - Missing Authorization to Directory Traversal — WebToffee WP Backup and Migration | CWE-862 | 4.3 | Medium | 2024-05-02 |
| CVE-2024-32834 | WordPress WooCommerce Shipping Label plugin <= 2.3.8 - Cross Site Scripting (XSS) vulnerability — WooCommerce Shipping Label | CWE-79 | 5.9 | Medium | 2024-04-24 |
| CVE-2024-32835 | WordPress Export and Import Users and Customers plugin <= 2.5.3 - Deserialization of untrusted data vulnerability — Import Export WordPress Users | CWE-502 | 5.4 | Medium | 2024-04-24 |
| CVE-2024-31235 | WordPress Comments Import & Export plugin <= 2.3.5 - Cross Site Request Forgery (CSRF) vulnerability — WordPress Comments Import & Export | CWE-352 | 4.3 | Medium | 2024-04-12 |
| CVE-2024-31254 | WordPress WordPress Backup & Migration plugin <= 1.4.7 - Sensitive Data Exposure via Log File vulnerability — WordPress Backup & Migration | CWE-532 | 3.7 | Low | 2024-04-10 |
| CVE-2024-3216 | WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.4.2 - Missing Authorization to Unauthenticated Settings Reset — WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels | CWE-862 | 5.3 | Medium | 2024-04-06 |
| CVE-2024-30492 | WordPress Export and Import Users and Customers plugin <= 2.5.2 - Path Traversal vulnerability — Import Export WordPress Users | CWE-22 | 4.3 | Medium | 2024-03-29 |
| CVE-2024-22288 | WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin <= 4.4.0 - Reflected Cross Site Scripting (XSS) vulnerability — WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels | CWE-79 | 7.1 | High | 2024-03-27 |
| CVE-2024-30231 | WordPress Product Import Export for WooCommerce plugin <= 2.4.1 - Arbitrary File Upload vulnerability — Product Import Export for WooCommerce | CWE-434 | 9.1 | Critical | 2024-03-26 |
| CVE-2024-0957 | WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.4.1 - Unauthenticated Stored Cross-Site Scripting — WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels | CWE-79 | 6.1 | Medium | 2024-03-22 |
| CVE-2024-22135 | WordPress Order Export & Order Import for WooCommerce Plugin <= 2.4.3 is vulnerable to Arbitrary File Upload — Order Export & Order Import for WooCommerce | CWE-434 | 8.0 | High | 2024-01-24 |
| CVE-2024-22152 | WordPress Product Import Export for WooCommerce Plugin <= 2.3.7 is vulnerable to Arbitrary File Upload — Product Import Export for WooCommerce | CWE-434 | 8.0 | High | 2024-01-24 |
| CVE-2023-6558 | Export and Import Users and Customers <= 2.4.8 - Authenticated (Shop Manager+) Arbitrary File Upload — Export and Import Users and Customers | CWE-434 | 7.2 | High | 2024-01-11 |
| CVE-2023-7068 | WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.3.0 - Missing Authorization to Order Export — WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels | CWE-862 | 4.3 | Medium | 2024-01-03 |
| CVE-2023-48284 | WordPress Decorator – WooCommerce Email Customizer Plugin <= 1.2.7 is vulnerable to Cross Site Request Forgery (CSRF) — Decorator – WooCommerce Email Customizer | CWE-352 | 4.3 | Medium | 2023-11-30 |
| CVE-2022-45370 | WordPress WordPress Comments Import & Export Plugin <= 2.3.1 is vulnerable to CSV Injection — WordPress Comments Import & Export | CWE-1236 | 6.1 | Medium | 2023-11-07 |
| CVE-2022-46802 | WordPress Product Reviews Import Export for WooCommerce Plugin <= 1.4.8 is vulnerable to CSV Injection — Product Reviews Import Export for WooCommerce | CWE-1236 | 6.1 | Medium | 2023-11-07 |
| CVE-2023-4040 | WordPress plugin Stripe Payment Plugin for WooCommerce security vulnerability — Stripe Payment Plugin for WooCommerce | | 5.3 | Medium | 2023-08-18 |
| CVE-2023-3459 | Export and Import Users and Customers <= 2.4.1 - Missing Authorization to Authenticated (Shop Manager) Arbitrary User Password Change — Export and Import Users and Customers | CWE-863 | 7.2 | High | 2023-07-18 |

This page lists every published CVE security advisory associated with WebToffee. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.