VYPR

Ali2woo Lite

by WordPress

Source repositories

CVEs (7)

  • CVE-2024-37212HigJun 21, 2024
    risk 0.54cvss 8.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Ali2Woo Lite.This issue affects Ali2Woo Lite: from n/a through 3.3.5.

  • CVE-2024-2381HigJun 19, 2024
    risk 0.50cvss 8.8epss 0.01

    The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_save_image function in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with…

  • CVE-2024-37211HigJul 22, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ali2Woo Team Ali2Woo Lite allows Reflected XSS.This issue affects Ali2Woo Lite: from n/a through 3.3.5.

  • CVE-2024-37213HigJul 12, 2024
    risk 0.39cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in guru-aliexpress AliNext ali2woo-lite allows Cross Site Request Forgery.This issue affects AliNext: from n/a through <= 3.4.6.

  • CVE-2024-37214MedNov 1, 2024
    risk 0.35cvss 6.5epss 0.00

    Missing Authorization vulnerability in Dropshipping Guru Ali2Woo Lite Exploiting Incorrectly Configured Access Control Security Levels, Stored XSS.This issue affects Ali2Woo Lite: from n/a through 3.3.5.

  • CVE-2024-4450MedJun 19, 2024
    risk 0.34cvss 6.3epss 0.00

    The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.6. This makes it possible for…

  • CVE-2025-30859MedMar 27, 2025
    risk 0.24cvss 4.7epss 0.00

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in guru-aliexpress AliNext ali2woo-lite allows Phishing.This issue affects AliNext: from n/a through <= 3.5.1.