SecAlerts
CVE ListPricingSign Up
webtoffee logo

webtoffee

Security Risk Profile

41
/100
medium

Security Risk Score

Comprehensive risk assessment based on 59 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from June 19, 2018 to present

59
Total CVEs
25
Critical+High
0
Exploited
5
Unpatched

Threat Assessment

Avg CVSS
6.3
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
5
Critical/High
Risk Level
41/100
medium
🆕 1Fresh (<7d)📈 1 in Last 30 Days

Severity Distribution

Critical
5
High
20
Medium
32
Low
2

Exploit Likelihood

>50% chance
0
20-50%
0
5-20%
0
<5%
18

Age Distribution

Common Weaknesses (CWE)

1
XSS
11
2
Path Traversal
4
3
Malicious File Upload
4
4
CSRF
3
5
SSRF
3

Most Affected Products

1. WebToffee Import Export Wordpress Users Wordpress8
2. WebToffee Product Import Export For Woocommerce Wordpress6
3. WebToffee Woocommerce Pdf Invoices\, Packing Slips\, Delivery Notes And Shipping Labels Wordpress6
4. WebToffee Order Export \& Order Import For Woocommerce Wordpress5
5. WebToffee GDPR Cookie Compliance5

Recent Vulnerabilities

See more →
CVE-2026-45438
CVSS 7.5high

WordPress Smart Coupons for WooCommerce plugin < 2.3.0 - Broken Access Control vulnerability

5/25/2026
CVE-2026-32441
CVSS 7.7high

WordPress Comments Import & Export plugin <= 2.4.9 - Broken Access Control vulnerability

3/25/2026🔧 No Patch
CVE-2026-22480
CVSS 7.2high

WordPress Product Feed for WooCommerce plugin <= 2.3.3 - PHP Object Injection vulnerability

3/25/2026🔧 No Patch
CVE-2025-67599
CVSS 4.3medium

WordPress WebToffee eCommerce Marketing Automation plugin <= 2.1.1 - Broken Access Control vulnerability

12/9/2025🔧 No Patch
CVE-2025-66089
CVSS 4.3medium

WordPress Product Feed for WooCommerce plugin <= 2.3.1 - Broken Access Control vulnerability

11/21/2025🔧 No Patch
CVE-2025-64382
CVSS 4.3medium

WordPress Order Export & Order Import for WooCommerce plugin <= 2.6.7 - Broken Access Control vulnerability

11/13/2025🔧 No Patch
CVE-2025-64358
CVSS 4.3medium

WordPress Smart Coupons for WooCommerce plugin <= 2.2.3 - Broken Access Control vulnerability

10/31/2025🔧 No Patch
CVE-2025-49287
CVSS 4.3EPSS 0%medium

WordPress Product Feed for WooCommerce plugin <= 2.2.8 - Broken Access Control Vulnerability

6/6/2025
CVE-2024-8397
CVSS 5.4medium

GDPR Cookie Consent <= 2.6.0 - Unauthenticated Stored XSS

5/15/2025🔧 No Patch
CVE-2024-8286
CVSS 6.5medium

GDPR Cookie Consent <= 2.6.0 - Bulk Delete via CSRF

5/15/2025🔧 No Patch

Monitor webtoffee in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.