CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32776 – WordPress AppPresser plugin <= 4.3.0 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-32776
22 Apr 2024 — Missing Authorization vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through 4.3.0. Vulnerabilidad de autorización faltante en AppPresser Team AppPresser. Este problema afecta a AppPresser: desde n/a hasta 4.3.0. The AppPresser plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggle_logging_callback() function in versions up to, and including, 4.3.0. This makes it possible for unauthenticated attackers to en... • https://patchstack.com/database/vulnerability/apppresser/wordpress-apppresser-plugin-4-3-0-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31374 – WordPress AppPresser – Mobile App Framework plugin <= 4.3.0 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31374
10 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through 4.3.0. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en AppPresser Team AppPresser. Este problema afecta a AppPresser: desde n/a hasta 4.3.0. The AppPresser plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.0. This is due to missing or incorrect nonce validation on the force_logging_off() function. • https://patchstack.com/database/vulnerability/apppresser/wordpress-apppresser-mobile-app-framework-plugin-4-3-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31268 – WordPress AppPresser plugin <= 4.3.0 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31268
05 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through 4.3.0. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en AppPresser Team AppPresser. Este problema afecta a AppPresser: desde n/a hasta 4.3.0. The AppPresser plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.0. This is due to missing or incorrect nonce validation on the toggle_logging_callback() function. • https://patchstack.com/database/vulnerability/apppresser/wordpress-apppresser-plugin-4-3-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4214 – AppPresser <= 4.2.5 - Insecure Password Reset Mechanism
https://notcve.org/view.php?id=CVE-2023-4214
16 Nov 2023 — The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit. El complemento AppPresser para WordPress es vulnerable a restablecimientos de contraseña no autorizados en versiones hasta la 4.2.5 incluida. Esto se debe a que el complemento genera un código de restablecimiento demasiado débil y el código utilizado para rest... • https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_API_Limit.php?rev=2997182 • CWE-620: Unverified Password Change CWE-640: Weak Password Recovery Mechanism for Forgotten Password •