CVE-2022-41623

2022-10-1420:15:16

CWE-202

[email protected]

web.nvd.nist.gov

villatheme

ald

aliexpress

dropshipping

fulfillment

woocommerce

premium plugin

wordpress

cve-2022-41623

sensitive data exposure

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

52.5%

JSON

Sensitive Data Exposure in Villatheme ALD - AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin <= 1.1.0 on WordPress.

Affected configurations

Vulners

NVD

Node

villathemedropshipping_and_fulfillment_for_aliexpress_and_woocommerceRange≤1.1.0

VendorProductVersionCPE
villathemedropshipping_and_fulfillment_for_aliexpress_and_woocommerce*cpe:2.3:a:villatheme:dropshipping_and_fulfillment_for_aliexpress_and_woocommerce:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
villatheme	dropshipping_and_fulfillment_for_aliexpress_and_woocommerce	*	cpe:2.3:a:villatheme:dropshipping_and_fulfillment_for_aliexpress_and_woocommerce::::::::

CNA Affected

[
  {
    "vendor": "Villatheme",
    "product": "ALD - AliExpress Dropshipping and Fulfillment for WooCommerce (WordPress plugin)",
    "versions": [
      {
        "version": "<= 1.1.0",
        "status": "affected",
        "lessThanOrEqual": "1.1.0",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/woocommerce-alidropship/wordpress-ald-aliexpress-dropshipping-and-fulfillment-for-woocommerce-plugin-1-1-0-sensitive-data-exposure?_s_id=cve

villatheme.com/extensions/aliexpress-dropshipping-and-fulfillment-for-woocommerce/#tab-changelog