Filtered by vendor Ali2woo
Subscribe
Filtered by product Aliexpress Dropshipping With Alinext
Subscribe
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-4450 | 1 Ali2woo | 1 Aliexpress Dropshipping With Alinext | 2024-09-20 | N/A | 6.3 MEDIUM |
| The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several actions like importing and modifying products. | |||||
| CVE-2024-2381 | 1 Ali2woo | 1 Aliexpress Dropshipping With Alinext | 2024-09-20 | N/A | 8.8 HIGH |
| The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_save_image function in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2024-37211 | 1 Ali2woo | 1 Aliexpress Dropshipping With Alinext | 2024-07-25 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ali2Woo Team Ali2Woo Lite allows Reflected XSS.This issue affects Ali2Woo Lite: from n/a through 3.3.5. | |||||