Vulnerabilities and security researches forali2woo-lite ali2woo-lite

Jun 20, 2024

CVE, Research URL: CVE-2024-2381
Home page URL: Security reports for AliExpress Dropshipping with AliNext Lite
Application: AliExpress Dropshipping with AliNext Lite
Date: Jun 19, 2024
Research Description: The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_save_image function in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-4450
Home page URL: Security reports for AliExpress Dropshipping with AliNext Lite
Application: AliExpress Dropshipping with AliNext Lite
Date: Jun 19, 2024
Research Description: The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several actions like importing and modifying products.
Affected versions: Min -, max -.
Status: vulnerable

Jun 24, 2024

CVE, Research URL: CVE-2024-37211
Home page URL: Security reports for AliExpress Dropshipping with AliNext Lite
Application: AliExpress Dropshipping with AliNext Lite
Date: Jul 22, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ali2Woo Team Ali2Woo Lite allows Reflected XSS.This issue affects Ali2Woo Lite: from n/a through 3.3.5.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-37212
Home page URL: Security reports for AliExpress Dropshipping with AliNext Lite
Application: AliExpress Dropshipping with AliNext Lite
Date: Jun 21, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Ali2Woo Lite.This issue affects Ali2Woo Lite: from n/a through 3.3.5.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-37210
Home page URL: Security reports for AliExpress Dropshipping with AliNext Lite
Application: AliExpress Dropshipping with AliNext Lite
Date: -
Research Description: AliExpress Dropshipping Plugin for WooCommerce – AliNext [ali2woo-lite] < 3.3.7 CVE-2024-37210
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-37213
Home page URL: Security reports for AliExpress Dropshipping with AliNext Lite
Application: AliExpress Dropshipping with AliNext Lite
Date: Jul 12, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Team Ali2Woo Lite allows Cross-Site Scripting (XSS).This issue affects Ali2Woo Lite: from n/a through 3.3.9.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-37214
Home page URL: Security reports for AliExpress Dropshipping with AliNext Lite
Application: AliExpress Dropshipping with AliNext Lite
Date: Nov 01, 2024
Research Description: Missing Authorization vulnerability in Dropshipping Guru Ali2Woo Lite Exploiting Incorrectly Configured Access Control Security Levels, Stored XSS.This issue affects Ali2Woo Lite: from n/a through 3.3.5.
Affected versions: Min -, max -.
Status: vulnerable

Apr 03, 2025

CVE, Research URL: CVE-2025-30859
Home page URL: Security reports for AliExpress Dropshipping with AliNext Lite
Application: AliExpress Dropshipping with AliNext Lite
Date: Mar 27, 2025
Research Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ali2woo AliNext allows Phishing. This issue affects AliNext: from n/a through 3.5.1.
Affected versions: Min -, max -.
Status: vulnerable