CVE-2024-4450
📋 TL;DR
The AliExpress Dropshipping with AliNext Lite WordPress plugin has a missing capability check vulnerability that allows authenticated attackers with subscriber-level access or higher to import and modify products without proper authorization. This affects all WordPress sites using the plugin up to version 3.3.5. Attackers can manipulate product data and potentially disrupt e-commerce operations.
💻 Affected Systems
- AliExpress Dropshipping with AliNext Lite WordPress Plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could delete or modify all products, inject malicious content, or disrupt e-commerce operations completely, leading to financial loss and reputational damage.
Likely Case
Attackers will modify product listings, change prices, or add unauthorized products to the store, causing operational disruption and potential financial impact.
If Mitigated
With proper user role management and monitoring, impact is limited to minor data manipulation that can be detected and rolled back.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once authenticated. The vulnerability is in publicly accessible AJAX endpoints.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.3.6 or later
Vendor Advisory: https://plugins.trac.wordpress.org/browser/ali2woo-lite/trunk/includes/classes/controller/ImportAjaxController.php
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'AliExpress Dropshipping with AliNext Lite'.
4. Click 'Update Now' if an update is available.
5. If no update is available, deactivate and delete the plugin, then install a fresh copy of version 3.3.6+ from the WordPress repository.
🔧 Temporary Workarounds
Disable Plugin
Temporarily deactivate the vulnerable plugin until the patched version can be installed:
wp plugin deactivate ali2woo-lite
Restrict User Roles
Remove subscriber and other low-privilege user accounts from the WordPress site. The command below deletes every subscriber account (and, without --reassign=<user-id>, any content they own); --yes is required so the confirmation prompt does not block under xargs:
wp user list --role=subscriber --field=ID | xargs wp user delete --yes
🧯 If You Can't Patch
- Implement strict user role management and only grant administrative access to trusted users
- Enable comprehensive logging and monitoring of product import/modification activities
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → AliExpress Dropshipping with AliNext Lite → Version. If version is 3.3.5 or lower, you are vulnerable.
Check Version:
wp plugin get ali2woo-lite --field=version
Verify Fix Applied:
After update, verify plugin version shows 3.3.6 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual product import/modification activities from non-admin users
- AJAX requests to /wp-admin/admin-ajax.php with action parameters related to product imports
Network Indicators:
- POST requests to admin-ajax.php with 'action' parameter containing 'ali2woo_' from non-admin IP addresses
SIEM Query:
source="wordpress.log" AND ("ali2woo" OR "ImportAjaxController") AND user_role!="administrator"
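The SIEM query above expresses the detection idea in one line; the script below is an added example (not part of the advisory or the plugin) that applies the same logic to a request log. It assumes a constructed audit-log format with one JSON record per request carrying the user's role, the request method and URI, and the raw POST body; the field names and the sample records are assumptions, so adapt them to whatever your logging actually emits.

```python
"""Flag admin-ajax.php calls to ali2woo_* actions made by non-administrator users.

Added example for CVE-2024-4450 detection; the log format is constructed,
not the plugin's or WordPress's own.
"""
import json
from urllib.parse import parse_qs, urlparse

# Constructed sample log: one JSON record per request (assumed format).
SAMPLE_LOG = """\
{"ts":"2024-05-02T10:00:01Z","user":"editor1","role":"editor","method":"POST","uri":"/wp-admin/admin-ajax.php","body":"action=ali2woo_import_product&id=123"}
{"ts":"2024-05-02T10:00:05Z","user":"admin","role":"administrator","method":"POST","uri":"/wp-admin/admin-ajax.php","body":"action=ali2woo_import_product&id=124"}
{"ts":"2024-05-02T10:00:09Z","user":"sub7","role":"subscriber","method":"POST","uri":"/wp-admin/admin-ajax.php","body":"action=ali2woo_update_product&id=123"}
{"ts":"2024-05-02T10:00:12Z","user":"sub7","role":"subscriber","method":"GET","uri":"/wp-admin/admin-ajax.php?action=heartbeat","body":""}
{"ts":"2024-05-02T10:00:15Z","user":"sub7","role":"subscriber","method":"POST","uri":"/index.php","body":"s=foo"}
"""

PLUGIN_ACTION_PREFIX = "ali2woo_"          # action prefix named in the advisory
TRUSTED_ROLES = {"administrator"}          # roles expected to drive product imports
AJAX_PATH = "/wp-admin/admin-ajax.php"


def extract_action(record):
    """Return the WordPress 'action' parameter, checking POST body then query string."""
    body = parse_qs(record.get("body", ""))
    query = parse_qs(urlparse(record.get("uri", "")).query)
    for params in (body, query):
        if "action" in params:
            return params["action"][0]
    return None


def is_suspicious(record):
    """True when a non-trusted role POSTs a plugin AJAX action to admin-ajax.php."""
    if record.get("method") != "POST":
        return False
    if urlparse(record.get("uri", "")).path != AJAX_PATH:
        return False
    action = extract_action(record)
    if not action or not action.startswith(PLUGIN_ACTION_PREFIX):
        return False
    return record.get("role") not in TRUSTED_ROLES


def find_suspicious(log_text):
    """Scan newline-delimited JSON records; return (ts, user, role, action) tuples."""
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the whole scan
        if is_suspicious(rec):
            hits.append((rec["ts"], rec["user"], rec["role"], extract_action(rec)))
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print("ALERT", *hit)
```

On the sample data this reports the editor's and the subscriber's import calls and stays quiet on the administrator, the heartbeat GET and the unrelated POST. If your site legitimately delegates product management to WooCommerce's shop manager role, add that role to TRUSTED_ROLES so the alert stays focused on accounts that should never touch product imports.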
🔗 References
- https://plugins.trac.wordpress.org/browser/ali2woo-lite/trunk/includes/classes/controller/ImportAjaxController.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/01836c2c-0976-493e-8b13-1c7c702d1d2c?source=cve