PatchSiren

WebToffee CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH WebToffee CVE published 2026-06-15

CVE-2026-49056

CVE-2026-49056 is a high-severity vulnerability (CVSS Score: 7.5) affecting WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin versions <= 4.9.4. This vulnerability allows unauthenticated sensitive data exposure. The vulnerability was published on [cvePublishedAt] and last modified on [cveModifiedAt].

MEDIUM WebToffee CVE published 2026-05-27

CVE-2026-48971

A Missing Authorization vulnerability (CWE-862) in the WebToffee Product Import Export for WooCommerce WordPress plugin allows authenticated attackers with low privileges to exploit incorrectly configured access control security levels. The vulnerability affects all versions from n/a through 2.5.6. The issue was published to the CVE List on 2026-05-27 and carries a CVSS 3.1 score of 4.3 (Medium severity), [truncated]

HIGH WebToffee CVE published 2026-05-25

CVE-2026-45438

A Missing Authorization vulnerability (CWE-862) in the Smart Coupons for WooCommerce WordPress plugin allows unauthenticated attackers to exploit incorrectly configured access control security levels. The vulnerability affects all versions prior to 2.3.0 and has been assigned a CVSS 3.1 score of 7.5 (HIGH), indicating significant risk due to network attack vector, low attack complexity, no privileges requ [truncated]