CVE Catalog

CVE-2026-57352

MediumCVSS 4.8
Published: Updated: Translated: NVD NIST

Summary

The ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce plugin version 2.2.0 and earlier contains a vulnerability allowing an unauthenticated attacker to break the authentication mechanism. This flaw enables bypassing the login process and gaining unauthorized access to administrative functions.

Risk Assessment

The risk involves potential takeover of the WooCommerce store by an unauthorized individual, leading to customer data theft, product manipulation, or complete site compromise.

Recommendation

Immediately update the ALD plugin to a version higher than 2.2.0, which includes a fix for this vulnerability. Also review access logs for any suspicious activity.

Original NVD description (English source)

Unauthenticated Broken Authentication in ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce <= 2.2.0 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS