VYPR

AliExpress Dropshipping with AliNext Lite

by WordPress

CVEs (2)

  • CVE-2024-2381HigJun 19, 2024
    risk 0.50cvss 8.8epss 0.01

    The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_save_image function in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with…

  • CVE-2024-4450MedJun 19, 2024
    risk 0.34cvss 6.3epss 0.00

    The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.6. This makes it possible for…