Access Control Flaw in WebToffee's Order Export & Import Plugin for WooCommerce
CVE-2025-64382

Currently unrated

Key Information:

Vendor

WordPress
Status
Order Export & Order Import For WooCommerce
Vendor
CVE Published:
13 November 2025

What is CVE-2025-64382?

A missing authorization vulnerability exists in the WebToffee Order Export & Order Import plugin for WooCommerce, affecting versions up to 2.6.7. This flaw allows unauthorized users to exploit incorrectly configured access control security levels, potentially gaining access to sensitive order data without appropriate permissions. Users of this plugin are advised to review their security settings and update to the latest version to mitigate this risk.

Affected Version(s)

Order Export & Order Import for WooCommerce <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/orde...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Legion Hunter | Patchstack Bug Bounty Program
JSON
.
CVE-2025-64382 : Access Control Flaw in WebToffee's Order Export & Import Plugin for WooCommerce