{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2022-46811", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2022-12-08T09:38:31.433Z", "datePublished": "2024-12-13T14:22:07.796Z", "dateUpdated": "2026-04-28T16:07:54.697Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "woo-alidropship", "product": "ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce", "vendor": "VillaTheme(villatheme.com)", "versions": [{"changes": [{"at": "1.0.22", "status": "unaffected"}], "lessThanOrEqual": "1.0.21", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Cat (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Missing Authorization vulnerability in VillaTheme(villatheme.com) ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.</p><p>This issue affects ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce: from n/a through 1.0.21.</p>"}], "value": "Missing Authorization vulnerability in VillaTheme(villatheme.com) ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce: from n/a through 1.0.21."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:07:54.697Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/wordpress/plugin/woo-alidropship/vulnerability/wordpress-ald-dropshipping-and-fulfillment-for-aliexpress-and-woocommerce-plugin-1-0-21-broken-access-control-csrf?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update the WordPress ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce plugin to the latest available version (at least 1.0.22)."}], "value": "Update the WordPress ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce plugin to the latest available version (at least 1.0.22)."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress ALD Dropshipping and Fulfillment for AliExpress and WooCommerce plugin <= 1.0.21 - Broken Access Control + CSRF", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-13T21:21:36.706577Z", "id": "CVE-2022-46811", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-13T21:21:50.087Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-46811", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-13T21:21:36.706577Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-13T21:21:44.841Z"}}], "cna": {"title": "WordPress ALD Dropshipping and Fulfillment for AliExpress and WooCommerce plugin <= 1.0.21 - Broken Access Control + CSRF", "credits": [{"lang": "en", "type": "finder", "value": "Cat | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "VillaTheme", "product": "ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce", "versions": [{"status": "affected", "changes": [{"at": "1.0.22", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "1.0.21"}], "packageName": "woo-alidropship", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-22T14:35:02.069Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/woo-alidropship/vulnerability/wordpress-ald-dropshipping-and-fulfillment-for-aliexpress-and-woocommerce-plugin-1-0-21-broken-access-control-csrf?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in VillaTheme ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce woo-alidropship allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce: from n/a through <= 1.0.21.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in VillaTheme ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce woo-alidropship allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce: from n/a through <= 1.0.21.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-23T13:49:35.199Z"}}}, "cveMetadata": {"cveId": "CVE-2022-46811", "state": "PUBLISHED", "dateUpdated": "2026-04-23T13:49:35.199Z", "dateReserved": "2022-12-08T09:38:31.433Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2024-12-13T14:22:07.796Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in VillaTheme(villatheme.com) ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce: from n/a through 1.0.21."}, {"lang": "es", "value": "Vulnerabilidad de autorizaci\u00f3n faltante en VillaTheme (villatheme.com) ALD \u2013 Dropshipping and Fulfillment para AliExpress y WooCommerce permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a ALD \u2013 Dropshipping and Fulfillment para AliExpress y WooCommerce: desde n/a hasta 1.0.21."}], "id": "CVE-2022-46811", "lastModified": "2026-04-28T19:19:06.853", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2024-12-13T15:15:09.270", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/wordpress/plugin/woo-alidropship/vulnerability/wordpress-ald-dropshipping-and-fulfillment-for-aliexpress-and-woocommerce-plugin-1-0-21-broken-access-control-csrf?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{}