3 matches found
CVE-2024-2381 AliExpress Dropshipping with AliNext Lite <= 3.3.5 - Authenticated (Subscriber+) Arbitrary File Upload
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxsaveimage function in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level acces...
CVE-2024-2381
CVE-2024-2381 affects the AliExpress Dropshipping with AliNext Lite plugin for WordPress. The vulnerability is an arbitrary file upload due to missing file type validation in ajax_save_image in all versions up to 3.3.5. It requires authentication at subscriber level or higher, enabling an attacke...
WordPress Ali2Woo Lite Plugin <= 3.3.5 is vulnerable to Arbitrary File Upload
Software Ali2Woo Lite Type Plugin Vulnerable versions = 3.3.5 Fixed in 3.3.6 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-2381 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID d2eaecbf428e Credits Lucio Sá Required privilege Subscriber...