Impact
A missing authorization flaw in the AliNext component of the Ali2Woo Lite WordPress plugin allows attackers to bypass proper access controls. This vulnerability can enable users with incorrect or lower privileges to perform actions normally reserved for higher‑privileged roles, potentially exposing, modifying, or deleting configuration data that the plugin manages.
Affected Systems
The issue affects the WordPress Ali2Woo Lite plugin, known internally as AliNext, for all versions from the earliest build up to and including 3.3.5. Users running any of these versions on a WordPress site are vulnerable.
Risk and Exploitability
The CVSS score of 6.5 indicates moderate to high severity. No EPSS score is available, so the exact likelihood of exploitation is unknown, and the vulnerability is not currently listed in CISA’s KEV catalog. Because the flaw resides in a web‑based administration interface, it is likely exploitable via authenticated or unauthenticated web requests directed at the plugin’s management endpoints, making it potentially relevant to remote attackers who can reach the WordPress installation.
OpenCVE Enrichment