2 matches found
CVE-2024-1732 Sharkdropship for AliExpress Dropshipping and Affiliate <= 2.2.4 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
The Sharkdropship for AliExpress Dropshipping and Affiliate plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wadsremoveProductFromShop function in all versions up to, and including, 2.2.4. This makes it possible for unauthenticated attackers...
WordPress Sharkdropship for AliExpress Dropship and Affiliate Plugin <= 2.2.4 is vulnerable to Broken Access Control
Software Sharkdropship for AliExpress Dropship and Affiliate Type Plugin Vulnerable versions = 2.2.4 Fixed in 2.2.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1732 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID e01d5766d97d...