WordPress Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy plugin <= 2.1.1 - Broken Access Control vulnerability
CVE-2023-49848

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Sharkdropship Dropshipping For Aliexpress, Ebay, Amazon, Etsy
Vendor: CVE Published:; 9 December 2024

Summary

Missing Authorization vulnerability in wooproductimporter Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy: from n/a through 2.1.1.

Affected Version(s)

Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy <= 2.1.1

References

https://patchstack.com/database/wordpress/plugin/woo-alie...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 9, 2024
Vulnerability Reserved
Nov 30, 2023

Credit

Nguyen Xuan Chien (Patchstack Alliance)