Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Aliexpress_dropshipping_with_alinext
(Ali2woo)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 3 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-06-19 | CVE-2024-2381 | The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_save_image function in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | Aliexpress_dropshipping_with_alinext | 8.8 | ||
| 2024-06-19 | CVE-2024-4450 | The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several actions like importing and modifying products. | Aliexpress_dropshipping_with_alinext | 6.3 | ||
| 2024-07-22 | CVE-2024-37211 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ali2Woo Team Ali2Woo Lite allows Reflected XSS.This issue affects Ali2Woo Lite: from n/a through 3.3.5. | Aliexpress_dropshipping_with_alinext | 6.1 |