CVE-2024-1732
Sharkdropship for AliExpress Dropshipping and Affiliate <= 2.2.4 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 5.3EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
02 abr 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The Sharkdropship for AliExpress Dropshipping and Affiliate plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wads_removeProductFromShop() function in all versions up to, and including, 2.2.4. This makes it possible for unauthenticated attackers to delete arbitrary posts.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Productos afectados
djamio1988 · Sharkdropship & affiliate for AliExpressReferencias
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3059375%40wooshark-aliexpress-importer&new=3059375%40wooshark-aliexpress-importer&sfp_email=&sfph_mail=https://www.wordfence.com/threat-intel/vulnerabilities/id/4a2e636d-e602-4ab0-80f2-525a8a1f8388?source=cve