cleantalk
Vulnerabilities and Security Researches

AliExpress Dropshipping with AliNext Lite, CVE-2024-4450

CVE, Research URL

CVE-2024-4450

Home page URL

Security reports for AliExpress Dropshipping with AliNext Lite

Application

AliExpress Dropshipping with AliNext Lite

Published on
Jun 19, 2024
Research Description
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several actions like importing and modifying products.
Affected versions
Min -, max 3.3.5.
Status
vulnerable
Previous vulnerability researches
AliExpress Dropshipping with AliNext Lite (CVE-2025-30859) , Apr 03, 2025
AliExpress Dropshipping with AliNext Lite (CVE-2024-37211) , Jun 24, 2024
AliExpress Dropshipping with AliNext Lite (CVE-2024-37212) , Jun 24, 2024
AliExpress Dropshipping with AliNext Lite (CVE-2024-37210) , Jun 24, 2024
AliExpress Dropshipping with AliNext Lite (CVE-2024-37213) , Jun 24, 2024
New vulnerability
Custom Posts Order (CVE-2025-32645) , Apr 11, 2025
Popping Content Light (CVE-2025-32115) , Apr 11, 2025
Social Crowd (CVE-2025-31390) , Apr 11, 2025
Review Stream (CVE-2025-32680) , Apr 11, 2025
MMX – Make Me Christmas (CVE-2025-31401) , Apr 11, 2025