CVE-2024-37211
- EPSS 0.17%
- Veröffentlicht 22.07.2024 10:15:06
- Zuletzt bearbeitet 21.11.2024 09:23:24
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ali2Woo Team Ali2Woo Lite allows Reflected XSS.This issue affects Ali2Woo Lite: from n/a through 3.3.5.
CVE-2024-37212
- EPSS 0.24%
- Veröffentlicht 21.06.2024 14:15:12
- Zuletzt bearbeitet 27.02.2026 21:48:43
Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Ali2Woo Lite.This issue affects Ali2Woo Lite: from n/a through 3.3.5.
CVE-2024-4450
- EPSS 0.13%
- Veröffentlicht 19.06.2024 04:15:11
- Zuletzt bearbeitet 08.04.2026 17:18:54
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.6. This make...
CVE-2024-2381
- EPSS 9.59%
- Veröffentlicht 19.06.2024 04:15:10
- Zuletzt bearbeitet 08.04.2026 19:21:06
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_save_image function in all versions up to, and including, 3.3.5. This makes it possible for aut...