The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several actions like importing and modifying products.
Metrics
Affected Vendors & Products
References
History
Fri, 20 Sep 2024 00:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Ali2woo
Ali2woo aliexpress Dropshipping With Alinext |
|
Weaknesses | CWE-862 | |
CPEs | cpe:2.3:a:ali2woo:aliexpress_dropshipping_with_alinext:*:*:*:*:lite:wordpress:*:* | |
Vendors & Products |
Ali2woo
Ali2woo aliexpress Dropshipping With Alinext |
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-06-19T03:12:27.467Z
Updated: 2024-08-01T20:40:47.189Z
Reserved: 2024-05-02T20:36:43.554Z
Link: CVE-2024-4450
Vulnrichment
Updated: 2024-08-01T20:40:47.189Z
NVD
Status : Analyzed
Published: 2024-06-19T04:15:11.497
Modified: 2024-09-20T00:22:56.587
Link: CVE-2024-4450
Redhat
No data.