17 matches found
EUVD-2026-32311
Missing Authorization vulnerability in WebToffee Product Import Export for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Import Export for WooCommerce: from n/a through 2.5.6...
CVE-2026-48971
Missing Authorization vulnerability in WebToffee Product Import Export for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Import Export for WooCommerce: from n/a through 2.5.6...
CVE-2026-48971
Missing Authorization vulnerability in WebToffee Product Import Export for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Import Export for WooCommerce: from n/a through 2.5.6...
EUVD-2025-163766
Missing Authorization vulnerability in WebToffee Order Export & Order Import for WooCommerce order-import-export-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Order Export & Order Import for WooCommerce: from n/a through = 2.6.7...
EUVD-2024-28412
Malicious code in bioql PyPI...
EUVD-2025-15265
Malicious code in bioql PyPI...
CVE-2024-8286
The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged-in admins perform unwanted actions, such as deleting visit logs via CSRF attacks...
CVE-2024-8397
The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not properly sanitize and escape the IP headers when logging them, allowing visitors to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Consent report' page and the malicious...
CVE-2024-8397
CVE-2024-8397 affects the WordPress plugin webtoffee-gdpr-cookie-consent (versions before 2.6.1). The root cause is improper sanitization/escaping of IP headers when logging, enabling a Stored XSS payload. The attack pattern is triggered when an admin visits the Consent report page, with the scri...
CVE-2025-24644
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Stored XSS. This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping...
CVE-2025-24657 WordPress Wishlist for WooCommerce plugin <=2.1.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebToffee Wishlist for WooCommerce allows Stored XSS. This issue affects Wishlist for WooCommerce: from n/a through 2.1.2...
CVE-2023-51546
Improper Privilege Management vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Privilege Escalation. This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.2.1...
PT-2024-23876 · WordPress · Webtoffee Wordpress Comments Import & Export
Name of the Vulnerable Software and Affected Versions: WebToffee WordPress Comments Import & Export versions 2.3.5 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended action...
CVE-2024-22288
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Reflected XSS. This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping...
PT-2024-23277 · Webtoffee · Product Import Export For Woocommerce
Name of the Vulnerable Software and Affected Versions: Product Import Export for WooCommerce versions n/a through 2.4.1 Description: The issue is related to an Unrestricted Upload of File with Dangerous Type, which affects the WebToffee Product Import Export for WooCommerce. Recommendations: For...
PT-2024-19309 · Webtoffee · Webtoffee Woocommerce Pdf Invoices
Name of the Vulnerable Software and Affected Versions: WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels versions n/a through 4.4.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site...
CVE-2024-22152
Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce. This issue affects Product Import Export for WooCommerce: from n/a through 2.3.7...