21 matches found
CVE-2024-4450
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.6. This makes it possible for authenticated attackers, with...
CVE-2024-37214 WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - Broken Access Control to XSS vulnerability
Missing Authorization vulnerability in Dropshipping Guru Ali2Woo Lite Exploiting Incorrectly Configured Access Control Security Levels, Stored XSS.This issue affects Ali2Woo Lite: from n/a through 3.3.5...
CVE-2024-37211 WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ali2Woo Team Ali2Woo Lite allows Reflected XSS.This issue affects Ali2Woo Lite: from n/a through 3.3.5...
CVE-2024-37211 WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ali2Woo Team Ali2Woo Lite allows Reflected XSS.This issue affects Ali2Woo Lite: from n/a through 3.3.5...
CVE-2024-37213 WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.4.6 - CSRF to XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in guru-aliexpress AliNext ali2woo-lite allows Cross Site Request Forgery.This issue affects AliNext: from n/a through = 3.4.6...
CVE-2024-37212 WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - CSRF to PHP Object Injection vulnerability
Cross-Site Request Forgery CSRF vulnerability in Ali2Woo Ali2Woo Lite.This issue affects Ali2Woo Lite: from n/a through 3.3.5...
WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - Broken Access Control to XSS vulnerability
Broken Access Control to XSS vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin AliNext versions = 3.3.5...
WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.4.6 - CSRF to XSS vulnerability
CSRF to XSS vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin AliNext versions = 3.4.6...
WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.4.3 - CSRF to PHP Object Injection vulnerability
CSRF to PHP Object Injection vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin AliNext versions = 3.4.3...
WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin AliNext versions = 3.3.5...
CVE-2024-2381
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxsaveimage function in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level acces...
CVE-2024-2381
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxsaveimage function in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level acces...
CVE-2024-2381 AliExpress Dropshipping with AliNext Lite <= 3.3.5 - Authenticated (Subscriber+) Arbitrary File Upload
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxsaveimage function in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level acces...
CVE-2024-2381
CVE-2024-2381 affects the AliExpress Dropshipping with AliNext Lite plugin for WordPress. The vulnerability is an arbitrary file upload due to missing file type validation in ajax_save_image in all versions up to 3.3.5. It requires authentication at subscriber level or higher, enabling an attacke...
CVE-2024-4450 AliExpress Dropshipping with AliNext Lite <= 3.3.6 - Missing Authorization via Several Functions
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.6. This makes it possible for authenticated attackers, with...
CVE-2024-4450
CVE-2024-4450 affects AliExpress Dropshipping with AliNext Lite for WordPress. The issue is a missing capability check in several functions of ImportAjaxController.php, affecting all versions up to 3.3.5. This allows authenticated attackers with subscriber-level access and above to perform action...
PT-2024-20095 · WordPress · Aliexpress Dropshipping With Alinext Lite
Name of the Vulnerable Software and Affected Versions: AliExpress Dropshipping with AliNext Lite plugin for WordPress versions up to, and including, 3.3.5 Description: The issue is related to arbitrary file uploads due to missing file type validation in the ajax save image function. This allows...
WordPress plugin AliExpress Dropshipping with AliNext Lite security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin AliExpress Dropshipping with AliNext Lite security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-31164 · WordPress · Aliexpress Dropshipping With Alinext Lite
Name of the Vulnerable Software and Affected Versions: AliExpress Dropshipping with AliNext Lite plugin for WordPress versions up to, and including, 3.3.5 Description: The issue is related to a missing capability check on several functions in the ImportAjaxController.php file. This allows...