NotificationX Dropshipping < 4.4 - SQL Injection

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection id: CVE-2022-3481 info: name: NotificationX Dropshipping 4.4 - SQL Injection author: ritikchaddha severity: critical...

CVE-2026-54846

Unauthenticated Broken Access Control in Syncee Premium Dropshipping & Wholesale = 1.0.27 versions...

CVE-2026-54846

CVE-2026-54846: Unauthenticated Broken Access Control in WordPress plugin Syncee Premium Dropshipping & Wholesale (versions

CVE-2026-54846 WordPress Syncee Premium Dropshipping & Wholesale plugin <= 1.0.27 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Syncee Premium Dropshipping & Wholesale = 1.0.27 versions...

EUVD-2026-39683

Unauthenticated Broken Access Control in Syncee Premium Dropshipping & Wholesale = 1.0.27 versions...

WordPress Syncee Premium Dropshipping & Wholesale plugin <= 1.0.27 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by dodoh4t in WordPress Plugin Syncee Premium Dropshipping & Wholesale versions = 1.0.27...

EUVD-2026-37614

Unauthenticated Broken Authentication in WooCommerce Dropshipping = 5.2.4 versions...

CVE-2026-49071

Unauthenticated Broken Authentication in WooCommerce Dropshipping = 5.2.4 versions...

CVE-2024-37210

CVE-2024-37210 concerns WordPress AliExpress Dropshipping with AliNext Lite plugin

CVE-2026-49071

The entry affects the WordPress WooCommerce Dropshipping plugin (versions

CVE-2026-49071 WordPress WooCommerce Dropshipping plugin <= 5.2.4 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in WooCommerce Dropshipping = 5.2.4 versions...

WordPress WooCommerce Dropshipping plugin <= 5.2.4 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin WooCommerce Dropshipping versions = 5.2.4...

CVE-2023-25960

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Zendrop Zendrop – Global Dropshipping zendrop-dropshipping-and-fulfillment allows SQL Injection.This issue affects Zendrop – Global Dropshipping: from n/a through 1.0.0...

CVE-2023-25970

Unrestricted Upload of File with Dangerous Type vulnerability in Zendrop Zendrop – Global Dropshipping.This issue affects Zendrop – Global Dropshipping: from n/a through 1.0.0...

CVE-2024-2381

The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxsaveimage function in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level acces...

WordPress EPROLO Dropshipping plugin <= 2.3.1 - Missing Authorization to Authenticated (Subscriber+) Tracking Data Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Tracking Data Modification vulnerability discovered by Legion Hunter in WordPress Plugin EPROLO Dropshipping versions = 2.3.1...

CVE-2025-12133

The EPROLO Dropshipping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpajaxeprolodeletetracking and wpajaxeprolosavetrackingdata AJAX endpoints in all versions up to, and including, 2.3.1. This makes it possible for authenticated...

CVE-2025-12133

The EPROLO Dropshipping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpajaxeprolodeletetracking and wpajaxeprolosavetrackingdata AJAX endpoints in all versions up to, and including, 2.3.1. This makes it possible for authenticated...

CVE-2025-12133 EPROLO Dropshipping <= 2.3.1 - Missing Authorization to Authenticated (Subscriber+) Tracking Data Modification

The EPROLO Dropshipping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpajaxeprolodeletetracking and wpajaxeprolosavetrackingdata AJAX endpoints in all versions up to, and including, 2.3.1. This makes it possible for authenticated...

CVE-2025-12133

CVE-2025-12133 affects the EPROLO Dropshipping plugin for WordPress (versions up to 2.3.1). The issue is a missing capability check on two AJAX endpoints (wp_ajax_eprolo_delete_tracking and wp_ajax_eprolo_save_tracking_data), allowing authenticated users with Subscriber+ privileges to modify or d...