CVE-2026-57352

Unauthenticated Broken Authentication in ALD Dropshipping


Publication date: 2026-07-02

Last updated on: 2026-07-02

Assigner: Patchstack

Description

Unauthenticated Broken Authentication in ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce <= 2.2.0 versions.

Meta Information

Published: 2026-07-02
Last Modified: 2026-07-02
Generated: 2026-07-02
AI Q&A: 2026-07-02
EPSS Evaluated: N/A

Affected Vendors & Products

Currently, no data is known.

Exploitability

CWE ID: CWE-1390
Description: The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct.

Executive Summary

The vulnerability exists in the WordPress plugin "ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce" version 2.2.0 or earlier. It is a Broken Authentication flaw that allows an unauthenticated attacker to perform actions normally restricted to higher-privileged users, potentially gaining admin access to the website.

This issue is classified under OWASP Top 10 A7: Identification and Authentication Failures and has a CVSS score of 4.8, indicating a low severity impact.

The vulnerability was fixed in version 2.2.1, and users are advised to update immediately.

Impact Analysis

An attacker exploiting this vulnerability could gain unauthorized administrative access to your website, allowing them to perform privileged actions without authentication.

This could lead to unauthorized changes, data manipulation, or other malicious activities on your site.

Mitigation Strategies

To mitigate the vulnerability in the ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce plugin, you should immediately update the plugin to version 2.2.1 or later.

If you are using Patchstack, you can enable auto-updates for vulnerable plugins to ensure you receive patches promptly.

Compliance Impact

The vulnerability involves unauthenticated broken authentication allowing potential unauthorized admin access to the website. Such unauthorized access could lead to exposure or manipulation of personal or sensitive data, which may impact compliance with standards like GDPR or HIPAA that require strict access controls and protection of user data.

However, the provided information does not explicitly discuss the direct impact on compliance with GDPR, HIPAA, or other regulations.

Detection Guidance

This vulnerability affects the WordPress plugin "ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce" version 2.2.0 or earlier. Detection primarily involves identifying if this vulnerable plugin version is installed on your WordPress site.

To detect the vulnerability, you should check the installed plugin version and verify if it is 2.2.0 or earlier. If so, the site is vulnerable.

Suggested commands to check the plugin version on your WordPress installation include:

  • Using WP-CLI (WordPress Command Line Interface): wp plugin list --status=active | grep ald-dropshipping
  • Manually checking the plugin version by inspecting the plugin's main PHP file (usually located in wp-content/plugins/ald-dropshipping/) for the version header.

If the version is 2.2.0 or below, it is recommended to update immediately to version 2.2.1 or later to mitigate the vulnerability.
