[Wordfence Alert] AliNext Lite version has a severe security vulnerability.

Hello, if you check our plugin changelog section, you can find that starting from version 3.3.9, we have addressed such kind of issues and started to use wordpress nonce in all ajax requests as well as check user role who performs the operations.

Below I inserted the copy of 3.3.9 changelog for you

3.3.9 – 2024.07.08
* Enhanced plugin security by adding WordPress nonce to all Ajax methods
Improved plugin security by checking user role in all plugin methods;
* Enhanced plugin security by escaping HTML input in template views;
* Improved plugin security by escaping SQL queries;
* Enhanced order fulfillment module to synchronize product shipping information when refreshing in the fulfillment popup;
* Fixed minor bugs and improve code style;

We close this case because no further replies come.
You can open new thread if problem appear again.

Also, in the past you left a review for AliNext Lite plugin, if you experience become better, feel free to?improve your old review

Still not patched according to Wordfence, so you might want to inform them.

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ali2woo-lite/ali2woo-lite-335-cross-site-request-forgery-to-php-object-injection

STILL not fixed.

Alert generated at Friday 8th of November 2024 at 02:12:48 PM

Critical Problems:

* The Plugin “Aliexpress Dropshipping for Woocommerce (AliNext Lite version)” has a security vulnerability:

Vulnerability Severity: 6.1/10.0 (Medium)?Vulnerability Information