WordPress Plugin Vulnerabilities

AliExpress Dropshipping and Fulfilment for WooCommerce < 1.1.1 - Unauthenticated Sensitive Data Exposure

Description

The plugin disclose sensitive information to unauthenticated users via a crafted request

Affects Plugins

Plugin icon
woocommerce-alidropship
Fixed in 1.1.1

References

CVE
CVE-2022-41623

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
7.5 (high)

Miscellaneous

Original Researcher
Dave Jong
Verified
No
WPVDB ID
3fcb4331-1801-479f-aa3c-8bdbd595d0b0

Timeline

Publicly Published
2022-10-12 (about 3 years ago)
Added
2022-10-15 (about 3 years ago)
Last Updated
2022-10-15 (about 3 years ago)

Other

Published
Title
Published
2025-10-26
Title
Shortcodes and extra features for Phlox <= 2.17.12 - Unauthenticated Information Exposure
Published
2023-09-25
Title
Active Directory Integration < 4.1.10 - Unauthenticated Log Disclosure
Published
2025-11-26
Title
eRoom < 1.5.7 - Unauthenticated Information Exposure
Published
2024-12-19
Title
Page Restriction WordPress (WP) – Protect WP Pages/Post < 1.3.7 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure
Published
2024-10-10
Title
ShopLentor < 2.9.9 - Authenticated (Contributor+) Sensitive Information Exposure via WL: FAQ Widget Elementor Template