Search
Find a vulnerability
Search criteria
4 vulnerabilities found for ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce by VillaTheme
CVE-2026-57352 (GCVE-0-2026-57352)
Vulnerability from nvd – Published: 2026-07-02 11:15 – Updated: 2026-07-02 12:11
VLAI
Title
WordPress ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce plugin <= 2.2.0 - Broken Authentication vulnerability
Summary
Unauthenticated Broken Authentication in ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce <= 2.2.0 versions.
Severity
4.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1390 - Weak Authentication
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/wordpress/plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VillaTheme | ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce |
Affected:
n/a , ≤ 2.2.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-57352",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-02T12:11:08.797819Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T12:11:14.988Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce",
"vendor": "VillaTheme",
"versions": [
{
"changes": [
{
"at": "2.2.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.2.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ananda Dhakal (Patchstack) | Patchstack Bug Bounty Program"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unauthenticated Broken Authentication in ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce \u003c= 2.2.0 versions."
}
],
"value": "Unauthenticated Broken Authentication in ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce \u003c= 2.2.0 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1390",
"description": "CWE-1390 Weak Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T11:26:29.530Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/woo-alidropship/vulnerability/wordpress-ald-dropshipping-and-fulfillment-for-aliexpress-and-woocommerce-plugin-2-2-0-broken-authentication-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce Plugin to the latest available version (at least 2.2.1)."
}
],
"value": "Update the WordPress ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce Plugin to the latest available version (at least 2.2.1)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce plugin \u003c= 2.2.0 - Broken Authentication vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-57352",
"datePublished": "2026-07-02T11:15:12.503Z",
"dateReserved": "2026-06-24T12:45:36.888Z",
"dateUpdated": "2026-07-02T12:11:14.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-46811 (GCVE-0-2022-46811)
Vulnerability from nvd – Published: 2024-12-13 14:22 – Updated: 2026-04-28 16:07
VLAI
Title
WordPress ALD Dropshipping and Fulfillment for AliExpress and WooCommerce plugin <= 1.0.21 - Broken Access Control + CSRF
Summary
Missing Authorization vulnerability in VillaTheme(villatheme.com) ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce: from n/a through 1.0.21.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/wordpress/plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VillaTheme(villatheme.com) | ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce |
Affected:
n/a , ≤ 1.0.21
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46811",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-13T21:21:36.706577Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-13T21:21:50.087Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "woo-alidropship",
"product": "ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce",
"vendor": "VillaTheme(villatheme.com)",
"versions": [
{
"changes": [
{
"at": "1.0.22",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.0.21",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Cat (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMissing Authorization vulnerability in VillaTheme(villatheme.com) ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.\u003c/p\u003e\u003cp\u003eThis issue affects ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce: from n/a through 1.0.21.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in VillaTheme(villatheme.com) ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce: from n/a through 1.0.21."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:07:54.697Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/woo-alidropship/vulnerability/wordpress-ald-dropshipping-and-fulfillment-for-aliexpress-and-woocommerce-plugin-1-0-21-broken-access-control-csrf?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce plugin to the latest available version (at least 1.0.22)."
}
],
"value": "Update the WordPress ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce plugin to the latest available version (at least 1.0.22)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress ALD Dropshipping and Fulfillment for AliExpress and WooCommerce plugin \u003c= 1.0.21 - Broken Access Control + CSRF",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2022-46811",
"datePublished": "2024-12-13T14:22:07.796Z",
"dateReserved": "2022-12-08T09:38:31.433Z",
"dateUpdated": "2026-04-28T16:07:54.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-57352 (GCVE-0-2026-57352)
Vulnerability from cvelistv5 – Published: 2026-07-02 11:15 – Updated: 2026-07-02 12:11
VLAI
Title
WordPress ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce plugin <= 2.2.0 - Broken Authentication vulnerability
Summary
Unauthenticated Broken Authentication in ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce <= 2.2.0 versions.
Severity
4.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1390 - Weak Authentication
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/wordpress/plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VillaTheme | ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce |
Affected:
n/a , ≤ 2.2.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-57352",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-02T12:11:08.797819Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T12:11:14.988Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce",
"vendor": "VillaTheme",
"versions": [
{
"changes": [
{
"at": "2.2.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.2.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ananda Dhakal (Patchstack) | Patchstack Bug Bounty Program"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unauthenticated Broken Authentication in ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce \u003c= 2.2.0 versions."
}
],
"value": "Unauthenticated Broken Authentication in ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce \u003c= 2.2.0 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1390",
"description": "CWE-1390 Weak Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T11:26:29.530Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/woo-alidropship/vulnerability/wordpress-ald-dropshipping-and-fulfillment-for-aliexpress-and-woocommerce-plugin-2-2-0-broken-authentication-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce Plugin to the latest available version (at least 2.2.1)."
}
],
"value": "Update the WordPress ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce Plugin to the latest available version (at least 2.2.1)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce plugin \u003c= 2.2.0 - Broken Authentication vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-57352",
"datePublished": "2026-07-02T11:15:12.503Z",
"dateReserved": "2026-06-24T12:45:36.888Z",
"dateUpdated": "2026-07-02T12:11:14.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-46811 (GCVE-0-2022-46811)
Vulnerability from cvelistv5 – Published: 2024-12-13 14:22 – Updated: 2026-04-28 16:07
VLAI
Title
WordPress ALD Dropshipping and Fulfillment for AliExpress and WooCommerce plugin <= 1.0.21 - Broken Access Control + CSRF
Summary
Missing Authorization vulnerability in VillaTheme(villatheme.com) ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce: from n/a through 1.0.21.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/wordpress/plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VillaTheme(villatheme.com) | ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce |
Affected:
n/a , ≤ 1.0.21
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46811",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-13T21:21:36.706577Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-13T21:21:50.087Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "woo-alidropship",
"product": "ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce",
"vendor": "VillaTheme(villatheme.com)",
"versions": [
{
"changes": [
{
"at": "1.0.22",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.0.21",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Cat (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMissing Authorization vulnerability in VillaTheme(villatheme.com) ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.\u003c/p\u003e\u003cp\u003eThis issue affects ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce: from n/a through 1.0.21.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in VillaTheme(villatheme.com) ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce: from n/a through 1.0.21."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:07:54.697Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/woo-alidropship/vulnerability/wordpress-ald-dropshipping-and-fulfillment-for-aliexpress-and-woocommerce-plugin-1-0-21-broken-access-control-csrf?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce plugin to the latest available version (at least 1.0.22)."
}
],
"value": "Update the WordPress ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce plugin to the latest available version (at least 1.0.22)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress ALD Dropshipping and Fulfillment for AliExpress and WooCommerce plugin \u003c= 1.0.21 - Broken Access Control + CSRF",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2022-46811",
"datePublished": "2024-12-13T14:22:07.796Z",
"dateReserved": "2022-12-08T09:38:31.433Z",
"dateUpdated": "2026-04-28T16:07:54.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}