PT-2024-27382 · Dropshipping Guru · Ali2Woo Lite

Majed Refaea · Published 2024-11-01 · Updated 2024-11-01 · CVE-2024-37214

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions: Dropshipping Guru Ali2Woo Lite versions n/a through 3.3.5

Description: The issue is related to a Missing Authorization vulnerability, which involves exploiting incorrectly configured access control security levels. It also includes a Stored XSS vulnerability.

Recommendations: For versions n/a through 3.3.5, update to a version later than 3.3.5 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the application to minimize the risk of exploitation. Avoid using the application until the issue is resolved, if possible. At the moment, there is no information about additional mitigation measures.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2024-37214

Affected Products

Ali2Woo Lite