Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
14027.2%HIGH

Related CVEs

4
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2024-37211Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ali2Woo Team Ali2Woo Lite allows Reflected XSS.This issue affects Ali2Woo Lite: from n/a through 3.3.5.MEDIUM6.116.9%Jul 22, 2024
CVE-2024-37212Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Ali2Woo Lite.This issue affects Ali2Woo Lite: from n/a through 3.3.5.HIGH8.811.2%Jun 21, 2024
CVE-2024-4450The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several actions like importing and modifying products. CVE-2024-37210 is likely a duplicate of this issue.MEDIUM6.325.2%Jun 19, 2024
CVE-2024-2381The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_save_image function in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.HIGH8.855.5%Jun 19, 2024