The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several actions like importing and modifying products.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 09:42
Type | Values Removed | Values Added |
---|---|---|
References | () https://plugins.trac.wordpress.org/browser/ali2woo-lite/trunk/includes/classes/controller/ImportAjaxController.php - Product | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/01836c2c-0976-493e-8b13-1c7c702d1d2c?source=cve - Third Party Advisory |
20 Sep 2024, 00:22
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:ali2woo:aliexpress_dropshipping_with_alinext:*:*:*:*:lite:wordpress:*:* | |
CWE | CWE-862 | |
First Time |
Ali2woo aliexpress Dropshipping With Alinext
Ali2woo |
|
References | () https://plugins.trac.wordpress.org/browser/ali2woo-lite/trunk/includes/classes/controller/ImportAjaxController.php - Product | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/01836c2c-0976-493e-8b13-1c7c702d1d2c?source=cve - Third Party Advisory |
20 Jun 2024, 12:44
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
19 Jun 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-19 04:15
Updated : 2024-11-21 09:42
NVD link : CVE-2024-4450
Mitre link : CVE-2024-4450
CVE.ORG link : CVE-2024-4450
JSON object : View
Products Affected
ali2woo
- aliexpress_dropshipping_with_alinext
CWE
CWE-862
Missing Authorization