CVE-2024-4450 – AliExpress Dropshipping with AliNext Lite <= 3.3.5 - Missing Authorization via Several Functions

https://notcve.org/view.php?id=CVE-2024-4450

The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several actions like importing and modifying products. El complemento AliExpress Dropshipping con AliNext Lite para WordPress es vulnerable al acceso no autorizado debido a una falta de verificación de capacidad en varias funciones en el archivo ImportAjaxController.php en todas las versiones hasta la 3.3.5 incluida. Esto hace posible que los atacantes autenticados, con acceso a nivel de suscriptor y superior, realicen varias acciones como importar y modificar productos. The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.6. • https://plugins.trac.wordpress.org/browser/ali2woo-lite/trunk/includes/classes/controller/ImportAjaxController.php https://www.wordfence.com/threat-intel/vulnerabilities/id/01836c2c-0976-493e-8b13-1c7c702d1d2c?source=cve • CWE-862: Missing Authorization •