24 matches found
CVE-2024-2381
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxsaveimage function in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level acces...
EUVD-2022-44814
Malicious code in bioql PyPI...
EUVD-2024-44069
Malicious code in bioql PyPI...
EUVD-2024-27334
Malicious code in bioql PyPI...
CVE-2024-37211 WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ali2Woo Team Ali2Woo Lite allows Reflected XSS.This issue affects Ali2Woo Lite: from n/a through 3.3.5...
WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - Broken Access Control to XSS vulnerability
Broken Access Control to XSS vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin AliNext versions = 3.3.5...
WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.4.6 - CSRF to XSS vulnerability
CSRF to XSS vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin AliNext versions = 3.4.6...
WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin AliNext versions = 3.3.5...
WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin AliNext versions = 3.3.5...
CVE-2024-2381
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxsaveimage function in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level acces...
CVE-2024-2381 AliExpress Dropshipping with AliNext Lite <= 3.3.5 - Authenticated (Subscriber+) Arbitrary File Upload
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxsaveimage function in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level acces...
CVE-2024-4450 AliExpress Dropshipping with AliNext Lite <= 3.3.6 - Missing Authorization via Several Functions
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.6. This makes it possible for authenticated attackers, with...
CVE-2024-4450 AliExpress Dropshipping with AliNext Lite <= 3.3.6 - Missing Authorization via Several Functions
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.6. This makes it possible for authenticated attackers, with...
CVE-2024-4450
CVE-2024-4450 affects AliExpress Dropshipping with AliNext Lite for WordPress. The issue is a missing capability check in several functions of ImportAjaxController.php, affecting all versions up to 3.3.5. This allows authenticated attackers with subscriber-level access and above to perform action...
PT-2024-20095 · WordPress · Aliexpress Dropshipping With Alinext Lite
Name of the Vulnerable Software and Affected Versions: AliExpress Dropshipping with AliNext Lite plugin for WordPress versions up to, and including, 3.3.5 Description: The issue is related to arbitrary file uploads due to missing file type validation in the ajax save image function. This allows...
WordPress plugin AliExpress Dropshipping with AliNext Lite security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin AliExpress Dropshipping with AliNext Lite security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - Authenticated Arbitrary File Upload vulnerability
Authenticated Arbitrary File Upload vulnerability discovered by Lucio Sá in WordPress Plugin AliNext versions = 3.3.5...
CVE-2024-1732
The Sharkdropship for AliExpress Dropshipping and Affiliate plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wadsremoveProductFromShop function in all versions up to, and including, 2.2.4. This makes it possible for unauthenticated attackers...
CVE-2022-41623
Sensitive Data Exposure in Villatheme ALD - AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin = 1.1.0 on WordPress...