cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-2381,https://securityvulnerability.io/vulnerability/CVE-2024-2381,Arbitrary File Uploads Vulnerability Affects AliExpress Dropshipping Plugin,"The AliExpress Dropshipping with AliNext Lite plugin for WordPress presents a vulnerability that permits authenticated users, starting from subscriber-level access, to upload arbitrary files. This issue arises from missing file type validation implemented in the ajax_save_image function. All versions up to and including 3.3.5 are affected, which may lead to potential remote code execution on the server. Site owners using this plugin are advised to be cautious and take appropriate security measures to mitigate risks associated with this vulnerability.",Wordpress,Aliexpress Dropshipping With Alinext Lite,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-06-19T03:12:32.995Z,0
CVE-2024-4450,https://securityvulnerability.io/vulnerability/CVE-2024-4450,AliNext Lite Plugin Vulnerable to Unauthorized Access,"The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several actions like importing and modifying products.",Wordpress,Aliexpress Dropshipping With Alinext Lite,6.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-06-19T03:12:27.467Z,0