EUVD-2025-163766

Missing Authorization vulnerability in WebToffee Order Export & Order Import for WooCommerce order-import-export-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Export & Order Import for WooCommerce: from n/a through = 2.6.7...

CVE-2025-64382

CVE-2025-64382 affects the WordPress plugin Order Export & Order Import for WooCommerce (versions through 2.6.7). The issue is Missing Authorization/Broken Access Control due to incorrectly configured access control security levels, enabling unauthorized access to the plugin’s order-export/import...

CVE-2024-13921

The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.0 via deserialization of untrusted input from the 'formdata' parameter. This makes it possible for authenticated attackers, with Administrator-level...

CVE-2024-13920

The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.0 via the downloadfile function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents ...

CVE-2024-13923

The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.0 via the validatefile function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web...

WordPress Order Export & Order Import for WooCommerce plugin <= 2.6.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function vulnerability

Directory Traversal to Authenticated Administrator+ Limited Arbitrary File Read via downloadfile Function vulnerability discovered by HayMiz in WordPress Plugin Order Export & Order Import for WooCommerce versions = 2.6.0...

WordPress Order Export & Order Import for WooCommerce plugin <= 2.6.0 - Authenticated (Admin+) PHP Object Injection via form_data Parameter vulnerability

Authenticated Admin+ PHP Object Injection via formdata Parameter vulnerability discovered by HayMiz in WordPress Plugin Order Export & Order Import for WooCommerce versions = 2.6.0...

WordPress Plugin Order Export Import for WooCommerce - Order Information Disclosure Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Software Foundation. WordPress plugin Order Export Import for WooCommerce - Order has an information disclosure vulnerability. An attacker can exploit the vulnerability to download all orders...

WordPress Plugin Order Export Import for WooCommerce - Order Information Disclosure

Exploit Title: WordPress Plugin Order Export Import for WooCommerce Link: https://wordpress.org/plugins/order-import-export-for-woocommerce/ Version: 1.0.8 Date: 19th 2016 Exploit Author: contact a david-peltier d fr Vendor Homepage: xadapter.com Version: 1.0.8 Timeline: Vuln found: 17-09-2016,...