cleantalk
Vulnerabilities and Security Researches

AliExpress Dropshipping with AliNext Lite, CVE-2024-2381

CVE, Research URL

CVE-2024-2381

Home page URL

Security reports for AliExpress Dropshipping with AliNext Lite

Application

AliExpress Dropshipping with AliNext Lite

Published on
Jun 19, 2024
Research Description
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_save_image function in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions
Min -, max 3.3.5.
Status
vulnerable
Previous vulnerability researches
AliExpress Dropshipping with AliNext Lite (CVE-2025-30859) , Apr 03, 2025
AliExpress Dropshipping with AliNext Lite (CVE-2024-37211) , Jun 24, 2024
AliExpress Dropshipping with AliNext Lite (CVE-2024-37212) , Jun 24, 2024
AliExpress Dropshipping with AliNext Lite (CVE-2024-37210) , Jun 24, 2024
AliExpress Dropshipping with AliNext Lite (CVE-2024-37213) , Jun 24, 2024
New vulnerability
AI Content Writer, AI Image Generator ChatGPT SEO Help (CVE-2025-32675) , Apr 11, 2025
NewsBoard Post and RSS Scroller (CVE-2025-31402) , Apr 11, 2025
Specia Companion (CVE-2025-32212) , Apr 11, 2025
Custom Posts Order (CVE-2025-32645) , Apr 11, 2025
Popping Content Light (CVE-2025-32115) , Apr 11, 2025