Ali2Woo Aliexpress Dropshipping With Alinext vulnerabilities
4 known vulnerabilities affecting ali2woo/aliexpress_dropshipping_with_alinext.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2024-2381P2HIGHCVSS 8.8fixed in 3.3.62024-06-19
CVE-2024-2381 [HIGH] CWE-434 CVE-2024-2381: The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file u
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_save_image function in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected s
nvd
CVE-2024-37212P3HIGHCVSS 8.8≤ 3.3.52024-06-21
CVE-2024-37212 [HIGH] CWE-352 CVE-2024-37212: Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Ali2Woo Lite.This issue affects Ali2Woo L
Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Ali2Woo Lite.This issue affects Ali2Woo Lite: from n/a through 3.3.5.
nvd
CVE-2024-4450P3MEDIUMCVSS 6.3fixed in 3.3.72024-06-19
CVE-2024-4450 [MEDIUM] CWE-862 CVE-2024-4450: The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized acc
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several a
nvd
CVE-2024-37211P4MEDIUMCVSS 6.1fixed in 3.3.72024-07-22
CVE-2024-37211 [MEDIUM] CWE-79 CVE-2024-37211: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ali2Woo Team Ali2Woo Lite allows Reflected XSS.This issue affects Ali2Woo Lite: from n/a through 3.3.5.
nvd