CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13536 – 1003 Mortgage Application <= 1.87 - Unauthenticated Full Path Disclosure
https://notcve.org/view.php?id=CVE-2024-13536
20 Jan 2025 — The 1003 Mortgage Application plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.87. This is due the /inc/class/fnm/export.php file being publicly accessible with error logging enabled. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.... • https://plugins.trac.wordpress.org/browser/1003-mortgage-application/trunk/inc/class/fnm/export.php • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45357 – WordPress 1003 Mortgage Application Plugin <= 1.75 is vulnerable to CSV Injection
https://notcve.org/view.php?id=CVE-2022-45357
02 Feb 2023 — Improper Neutralization of Formula Elements in a CSV File vulnerability in Lenderd 1003 Mortgage Application.This issue affects 1003 Mortgage Application: from n/a through 1.75. Neutralización inadecuada de elementos de fórmula en una vulnerabilidad de CSV File en Lenderd 1003 Mortgage Application. Este problema afecta a 1003 Mortgage Application: desde n/a hasta 1.75. The 1003 Mortgage Application plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.75. This allows unauth... • https://patchstack.com/database/vulnerability/1003-mortgage-application/wordpress-1003-mortgage-application-plugin-1-73-csv-injection?_s_id=cve • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •