CVE-2024-1732
Sharkdropship for AliExpress Dropshipping and Affiliate <= 2.2.4 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
The Sharkdropship for AliExpress Dropshipping and Affiliate plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wads_removeProductFromShop() function in all versions up to, and including, 2.2.4. This makes it possible for unauthenticated attackers to delete arbitrary posts.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Produtos afetados
djamio1988 · Sharkdropship & affiliate for AliExpressQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3059375%40wooshark-aliexpress-importer&new=3059375%40wooshark-aliexpress-importer&sfp_email=&sfph_mail=https://www.wordfence.com/threat-intel/vulnerabilities/id/4a2e636d-e602-4ab0-80f2-525a8a1f8388?source=cve