CVE-2024-1732
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Published Apr 2, 2024
Summary
CVE-2024-1732 is a vulnerability affecting the Sharkdropship for AliExpress Dropshipping and Affiliate plugin for WordPress. This issue stems from a missing capability check in the wads_removeProductFromShop() function, which is present in all versions up to 2.2.4. As a result, unauthenticated attackers can exploit this flaw to delete arbitrary posts, leading to unauthorized loss of data. This vulnerability poses a significant risk and requires immediate attention from plugin users to update to a patched version.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share