CVE-2026-57352
MediumCVSS 4.8Summary
The ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce plugin version 2.2.0 and earlier contains a vulnerability allowing an unauthenticated attacker to break the authentication mechanism. This flaw enables bypassing the login process and gaining unauthorized access to administrative functions.
Risk Assessment
The risk involves potential takeover of the WooCommerce store by an unauthorized individual, leading to customer data theft, product manipulation, or complete site compromise.
Recommendation
Immediately update the ALD plugin to a version higher than 2.2.0, which includes a fix for this vulnerability. Also review access logs for any suspicious activity.
Original NVD description (English source)
Unauthenticated Broken Authentication in ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce <= 2.2.0 versions.

