CVE-2024-53751 – WordPress Build App Online plugin <= 1.0.22 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-53751
28 Nov 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Abdul Hakeem Build App Online allows Cross-Site Request Forgery. This issue affects Build App Online: from n/a through 1.0.22. The Build App Online plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.22. This is due to mis... • https://patchstack.com/database/wordpress/plugin/build-app-online/vulnerability/wordpress-build-app-online-plugin-1-0-22-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-7264 – Build App Online <= 1.0.21 - Account Takeover via Weak Password Reset Mechanism
https://notcve.org/view.php?id=CVE-2023-7264
27 Dec 2023 — The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing a 4-digit numeric reset code. • https://plugins.trac.wordpress.org/browser/build-app-online/tags/1.0.21/public/class-build-app-online-public.php#L3688 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password
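Why a 4-digit numeric code is not a reset secret, and what a hardened reset flow looks like, as an added example. This is illustrative PHP written for this page, not the plugin's own code; the function names and user-meta keys are hypothetical and the WordPress meta helpers are used as they exist in core.

```php
<?php
// Added example, not code from the Build App Online plugin.
// Hypothetical helpers: weak_reset_code, issue_reset_token, verify_reset_token.

// Weak: the keyspace is 10^4. Even if the code comes from a CSPRNG, an attacker
// who triggers a reset for a victim and is not rate-limited needs at most
// 10,000 requests to hit it, which is seconds of work with any HTTP client.
function weak_reset_code(): string {
    return str_pad((string) random_int(0, 9999), 4, '0', STR_PAD_LEFT);
}

// Hardened: a 256-bit token from the CSPRNG, stored only as a hash, bound to one
// user, time-limited, single-use, compared in constant time, attempts capped.
const RESET_TTL_SECONDS = 15 * 60;
const RESET_MAX_TRIES   = 5;

function issue_reset_token(int $user_id): string {
    $token = bin2hex(random_bytes(32));                  // 64 hex chars, sent to the user's email
    update_user_meta($user_id, '_demo_reset_hash', hash('sha256', $token));
    update_user_meta($user_id, '_demo_reset_expires', time() + RESET_TTL_SECONDS);
    update_user_meta($user_id, '_demo_reset_tries', 0);
    return $token;                                       // never stored in clear
}

function verify_reset_token(int $user_id, string $presented): bool {
    $hash    = (string) get_user_meta($user_id, '_demo_reset_hash', true);
    $expires = (int) get_user_meta($user_id, '_demo_reset_expires', true);
    $tries   = (int) get_user_meta($user_id, '_demo_reset_tries', true);

    if ($hash === '' || time() > $expires || $tries >= RESET_MAX_TRIES) {
        return false;                                    // nothing issued, expired, or locked out
    }
    // Count the attempt before comparing so failed guesses always burn a try.
    update_user_meta($user_id, '_demo_reset_tries', $tries + 1);

    if (!hash_equals($hash, hash('sha256', $presented))) {
        return false;
    }
    // Success: invalidate the token so it cannot be replayed.
    delete_user_meta($user_id, '_demo_reset_hash');
    delete_user_meta($user_id, '_demo_reset_expires');
    delete_user_meta($user_id, '_demo_reset_tries');
    return true;
}
```

The attempt cap alone does not rescue a 4-digit code (five tries against 10,000 values is still a 1-in-2,000 shot per victim per reset, and resets can be re-triggered); the fix is both a large keyspace and a cap, with the token tied to the account it was issued for.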
CVE-2023-51478 – WordPress Build App Online plugin <= 1.0.19 - Unauthenticated Account Takeover vulnerability
https://notcve.org/view.php?id=CVE-2023-51478
27 Dec 2023 — Improper Authentication vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation. This issue affects Build App Online: from n/a through 1.0.19. The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.21. This is due to missing authentication checking ... • https://patchstack.com/database/vulnerability/build-app-online/wordpress-build-app-online-plugin-1-0-19-unauthenticated-account-takeover-vulnerability?_s_id=cve • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel
CVE-2023-51479 – WordPress Build App Online plugin <= 1.0.19 - Authenticated Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2023-51479
27 Dec 2023 — Improper Privilege Management vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation. This issue affects Build App Online: from n/a through 1.0.19. The Build App Online plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_user_meta' a... • https://patchstack.com/database/vulnerability/build-app-online/wordpress-build-app-online-plugin-1-0-19-authenticated-privilege-escalation-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management CWE-862: Missing Authorization
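The three AJAX-handler defects listed above (missing nonce, missing authentication on a nopriv hook, missing capability check on a user-meta write) share one shape, so one added example covers the CSRF entry (CVE-2024-53751) and the two takeover/escalation entries (CVE-2023-51478, CVE-2023-51479). This is illustrative PHP written for this page, not the plugin's code; the action names, meta keys and allow-list are hypothetical, and the WordPress functions are core APIs.

```php
<?php
// Added example, not code from the Build App Online plugin.
// Hook names demo_update_meta / demo_update_meta_safe are hypothetical.

// Vulnerable pattern: reachable without login (nopriv hook), no nonce, no
// capability check, and the request chooses both the target user and the key.
add_action('wp_ajax_demo_update_meta',        'demo_update_meta_vulnerable');
add_action('wp_ajax_nopriv_demo_update_meta', 'demo_update_meta_vulnerable');
function demo_update_meta_vulnerable() {
    update_user_meta((int) $_POST['user_id'], $_POST['key'], $_POST['value']);
    wp_send_json_success();
}
// What that allows:
//  - CSRF (CWE-352): no nonce, so a page on any origin can submit the form
//    with a logged-in victim's cookies.
//  - Auth bypass (CWE-287/288): the nopriv hook serves anonymous callers.
//  - Privilege escalation (CWE-862): the caller picks the meta key, so writing
//    the site's capabilities meta (wp_capabilities on a default table prefix)
//    with an array naming the administrator role upgrades the chosen account.

// Hardened pattern: authenticated hook only, nonce, allow-listed key, the
// acting user is taken from the session, and a capability check gates the write.
add_action('wp_ajax_demo_update_meta_safe', 'demo_update_meta_safe'); // no nopriv twin
function demo_update_meta_safe() {
    check_ajax_referer('demo_update_meta', 'nonce');        // dies with 403 on a bad/missing nonce

    if (!is_user_logged_in()) {
        wp_send_json_error('login required', 401);
    }
    $user_id = get_current_user_id();                        // never trust user_id from the request

    $allowed = ['demo_display_pref', 'demo_timezone'];       // explicit allow-list of writable keys
    $key     = sanitize_key($_POST['key'] ?? '');
    if (!in_array($key, $allowed, true)) {
        wp_send_json_error('key not allowed', 400);
    }

    if (!current_user_can('edit_user', $user_id)) {          // capability check
        wp_send_json_error('forbidden', 403);
    }

    $value = sanitize_text_field(wp_unslash($_POST['value'] ?? ''));
    update_user_meta($user_id, $key, $value);
    wp_send_json_success();
}
// The form or script issuing the request embeds the matching nonce, e.g.
//   wp_nonce_field('demo_update_meta', 'nonce');   // or wp_create_nonce('demo_update_meta')
```

The allow-list is what actually closes the escalation path: a capability check on the acting user does not help if that user may write arbitrary keys to their own record, because the capabilities and user-level keys live in the same meta table.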
CVE-2022-3241 – Build App Online < 1.0.19 - Unauthenticated SQL Injection
https://notcve.org/view.php?id=CVE-2022-3241
06 Dec 2022 — The Build App Online WordPress plugin before 1.0.19 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. The Build App Online p... • https://wpscan.com/vulnerability/a995dd67-43fc-4087-a7f1-5db57f4c828c • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
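The unauthenticated-AJAX SQL injection pattern described above, beside the `$wpdb->prepare()` form that closes it, as an added example. This is illustrative PHP written for this page, not the plugin's code; the action name, table name and parameter are hypothetical, and `$wpdb` is the core WordPress database object.

```php
<?php
// Added example, not code from the Build App Online plugin.
// Hypothetical action bao_demo_get_item and table {prefix}bao_demo_items.

// Vulnerable: the request value is interpolated into the SQL string, and the
// nopriv hook means no login is required to reach it. A value such as
//   0 OR 1=1
// changes the WHERE clause instead of being treated as data.
add_action('wp_ajax_nopriv_bao_demo_get_item', 'bao_demo_get_item_vulnerable');
function bao_demo_get_item_vulnerable() {
    global $wpdb;
    $id  = $_POST['id'];
    $row = $wpdb->get_row("SELECT * FROM {$wpdb->prefix}bao_demo_items WHERE id = $id");
    wp_send_json($row);
}

// Hardened: prepare() binds the value; %d additionally coerces it to an integer,
// so no string payload can reach the SQL grammar. Whether the endpoint should be
// nopriv at all is a separate decision made on what the query returns.
add_action('wp_ajax_nopriv_bao_demo_get_item_safe', 'bao_demo_get_item_safe');
function bao_demo_get_item_safe() {
    global $wpdb;
    $id  = absint($_POST['id'] ?? 0);
    $row = $wpdb->get_row(
        $wpdb->prepare("SELECT * FROM {$wpdb->prefix}bao_demo_items WHERE id = %d", $id)
    );
    wp_send_json($row);
}
```

For string parameters use the `%s` placeholder, and for values that land inside a `LIKE` pattern run them through `$wpdb->esc_like()` before binding; `prepare()` escapes quotes but not `%` and `_` wildcards.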