CVE-2024-4450
AliExpress Dropshipping with AliNext Lite <= 3.3.6 - Missing Authorization via Several Functions
CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several actions like importing and modifying products. CVE-2024-37210 is likely a duplicate of this issue.
| CWE | CWE-862 |
| Vendor | ali2woo |
| Product | aliexpress dropshipping plugin for woocommerce & wordpress |
| Published | Jun 19, 2024 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for ali2woo aliexpress dropshipping plugin for woocommerce & wordpress
Be the first to know when new medium vulnerabilities affecting ali2woo aliexpress dropshipping plugin for woocommerce & wordpress are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
ali2woo / AliExpress Dropshipping Plugin for WooCommerce & WordPress
0 โค 3.3.6
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/01836c2c-0976-493e-8b13-1c7c702d1d2c?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/ali2woo-lite/trunk/includes/classes/controller/ImportAjaxController.php plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/3111831#file10
Credits
Lucio Sรก