webtoffee — Vulnerabilities & Security Advisories 50

Browse all 50 CVE security advisories affecting webtoffee. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Webtoffee operates primarily as a developer of WordPress plugins, focusing on e-commerce solutions, SEO optimization, and digital marketing tools. The company’s software portfolio has been associated with approximately 50 recorded Common Vulnerabilities and Exposures (CVEs), indicating a significant historical security footprint. These vulnerabilities predominantly involve cross-site scripting (XSS), SQL injection, and unauthenticated remote code execution (RCE), often stemming from insufficient input validation and inadequate access controls within plugin architectures. Notable incidents include the exploitation of insecure file upload mechanisms and privilege escalation flaws that allowed low-privileged users to perform administrative actions. The high volume of CVEs suggests systemic issues in code review processes or reliance on third-party libraries without rigorous security auditing. While the specific impact of each incident varies, the pattern highlights critical risks for organizations deploying these plugins without timely patching or security hardening measures.

Found 1 result / 50
CVE ID | Title | CVSS | Severity | Published
CVE-2025-67599 | WordPress WebToffee eCommerce Marketing Automation plugin <= 2.1.1 - Broken Access Control vulnerability (WebToffee eCommerce Marketing Automation, CWE-862) | 4.3 | Medium | 2025-12-09

This page lists every published CVE security advisory associated with webtoffee. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.