Vulnerabilities > Ali2Woo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-22 | CVE-2024-37211 | Cross-site Scripting vulnerability in Ali2Woo Aliexpress Dropshipping With Alinext Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ali2Woo Team Ali2Woo Lite allows Reflected XSS.This issue affects Ali2Woo Lite: from n/a through 3.3.5. | 6.1 |
| 2024-06-21 | CVE-2024-37212 | Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo 3.3.5 Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Ali2Woo Lite.This issue affects Ali2Woo Lite: from n/a through 3.3.5. | 8.8 |
| 2024-06-19 | CVE-2024-2381 | Unrestricted Upload of File with Dangerous Type vulnerability in Ali2Woo Aliexpress Dropshipping With Alinext The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_save_image function in all versions up to, and including, 3.3.5. | 8.8 |
| 2024-06-19 | CVE-2024-4450 | Missing Authorization vulnerability in Ali2Woo Aliexpress Dropshipping With Alinext The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.5. | 6.3 |