CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32577 – WordPress Build App Online Plugin <= 1.0.23 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-32577
09 Apr 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hakeemnala Build App Online allows PHP Local File Inclusion. This issue affects Build App Online: from n/a through 1.0.23. The Build App Online plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.0.23. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code ... • https://patchstack.com/database/wordpress/plugin/build-app-online/vulnerability/wordpress-build-app-online-plugin-1-0-23-local-file-inclusion-vulnerability-2?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31816 – WordPress Mobile App Canvas Plugin <= 3.8.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2025-31816
01 Apr 2025 — Missing Authorization vulnerability in pietro Mobile App Canvas allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mobile App Canvas: from n/a through 3.8.1. The Mobile App Canvas – Convert your Website Into an App for iOS and Android plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.8.2. This makes it possible for authenticated attackers, with Subscriber-level access and ... • https://patchstack.com/database/wordpress/plugin/mobile-app/vulnerability/wordpress-mobile-app-canvas-plugin-3-8-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23042 – Gradio Blocked Path ACL Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2025-23042
14 Jan 2025 — Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Gradio's Access Control List (ACL) for file paths can be bypassed by altering the letter case of a blocked file or directory path. This vulnerability arises due to the lack of case normalization in the file path validation logic. On case-insensitive file systems, such as those used by Windows and macOS, this flaw enables attackers to circumvent s... • https://github.com/gradio-app/gradio/security/advisories/GHSA-j2jg-fq62-7c3h • CWE-285: Improper Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49649 – WordPress Build App Online plugin <= 1.0.23 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-49649
06 Jan 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Abdul Hakeem Build App Online allows PHP Local File Inclusion.This issue affects Build App Online: from n/a through 1.0.23. La vulnerabilidad de control inadecuado del nombre de archivo para la declaración Include/Require en el programa PHP ('Inclusión de archivo remoto PHP') en Abdul Hakeem Build App Online permite la inclusión de archivos locales PHP. Este problema afecta a Build App On... • https://patchstack.com/database/wordpress/plugin/build-app-online/vulnerability/wordpress-build-app-online-plugin-1-0-23-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22364 – WordPress Ach Invoice App plugin <= 1.0.1 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-22364
03 Jan 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Service Shogun Ach Invoice App allows PHP Local File Inclusion.This issue affects Ach Invoice App: from n/a through 1.0.1. Vulnerabilidad de control inadecuado del nombre de archivo para la declaración Include/Require en PHP Program ('Inclusión de archivo remoto PHP') en Service Shogun Ach Invoice App permite la inclusión de archivos locales PHP. Este problema afecta a Ach Invoice App: de... • https://patchstack.com/database/wordpress/plugin/ach-invoice-app/vulnerability/wordpress-ach-invoice-app-plugin-1-0-1-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-55977 – WordPress LaunchPage.app Importer plugin <= 1.1 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-55977
14 Dec 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in launch-page-importer LaunchPage.app Importer allows SQL Injection.This issue affects LaunchPage.app Importer: from n/a through 1.1. The LaunchPage.app Importer plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthentic... • https://patchstack.com/database/wordpress/plugin/launchpage-app-importer/vulnerability/wordpress-launchpage-app-importer-plugin-1-1-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53751 – WordPress Build App Online plugin <= 1.0.22 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-53751
28 Nov 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Abdul Hakeem Build App Online allows Cross Site Request Forgery.This issue affects Build App Online: from n/a through 1.0.22. La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Abdul Hakeem Build App Online permite Cross-Site Request Forgery. Este problema afecta a Build App Online: desde n/a hasta 1.0.22. The Build App Online plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.22. This is due to mis... • https://patchstack.com/database/wordpress/plugin/build-app-online/vulnerability/wordpress-build-app-online-plugin-1-0-22-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51751 – Arbitrary file read with File and UploadButton components in Gradio
https://notcve.org/view.php?id=CVE-2024-51751
06 Nov 2024 — Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components are used as a part of Gradio application to preview file content, an attacker with access to the application might abuse these components to read arbitrary files from the application server. This issue has been addressed in release version 5.5.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/gradio-app/gradio/security/advisories/GHSA-rhm9-gp5p-5248 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50527 – WordPress Stacks Mobile App Builder plugin <= 5.2.3 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50527
30 Oct 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in Stacks Stacks Mobile App Builder allows Upload a Web Shell to a Web Server.This issue affects Stacks Mobile App Builder: from n/a through 5.2.3. The Stacks Mobile App Builder – The most powerful Mobile Applications Drag and Drop builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 5.2.3. This makes it possible for unauthenticated attackers to upload arbit... • https://patchstack.com/database/vulnerability/stacks-mobile-app-builder/wordpress-stacks-mobile-app-builder-plugin-5-2-3-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50528 – WordPress Stacks Mobile App Builder plugin <= 5.2.3 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-50528
30 Oct 2024 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Stacks Stacks Mobile App Builder allows Retrieve Embedded Sensitive Data.This issue affects Stacks Mobile App Builder: from n/a through 5.2.3. The Stacks Mobile App Builder – The most powerful Mobile Applications Drag and Drop builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.3. This makes it possible for unauthenticated attackers to extract sensiti... • https://patchstack.com/database/vulnerability/stacks-mobile-app-builder/wordpress-stacks-mobile-app-builder-plugin-5-2-3-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •