WebToffee Order Export & Order Import for WooCommerce
Moderate fix1 remedy
cpe:2.3:a:webtoffee:order_export_&_order_import_for_woocommerce:*:*:*:*:wordpress:*:*
Moderate fix1 remedy
- <= 2.6.0
Order Export & Order Import for WooCommerce Server-Side Request Forgery Vulnerability
Vulnerability
Patched
A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Order Export & Order Import for WooCommerce plugin for WordPress, affecting all versions through 2.6.0. The vulnerability arises in the validate_file() function, allowing authenticated attackers with Administrator-level access to make web requests to arbitrary locations. This could be exploited to query and modify information from internal services.
Impact
Exploitation of this vulnerability allows for Server-Side Request Forgery, where an attacker can make requests from the server to internal services or external systems, potentially leading to unauthorized data access or manipulation.
Reproduction
To reproduce this vulnerability, an authenticated user with Administrator-level access can use the 'validate_file' function to upload a file. The function can be manipulated to send requests to arbitrary locations, exploiting the SSRF vulnerability.
Remediation
Users are advised to update the Order Export & Order Import for WooCommerce plugin to version 2.6.1 or later.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread
3.4impact
5.0exploitability
6.0remediation
7.7relevance
0.0threat
4.8urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.