CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32577 – WordPress Build App Online Plugin <= 1.0.23 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-32577
09 Apr 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hakeemnala Build App Online allows PHP Local File Inclusion. This issue affects Build App Online: from n/a through 1.0.23. The Build App Online plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.0.23. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code ... • https://patchstack.com/database/wordpress/plugin/build-app-online/vulnerability/wordpress-build-app-online-plugin-1-0-23-local-file-inclusion-vulnerability-2?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49649 – WordPress Build App Online plugin <= 1.0.23 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-49649
06 Jan 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Abdul Hakeem Build App Online allows PHP Local File Inclusion.This issue affects Build App Online: from n/a through 1.0.23. La vulnerabilidad de control inadecuado del nombre de archivo para la declaración Include/Require en el programa PHP ('Inclusión de archivo remoto PHP') en Abdul Hakeem Build App Online permite la inclusión de archivos locales PHP. Este problema afecta a Build App On... • https://patchstack.com/database/wordpress/plugin/build-app-online/vulnerability/wordpress-build-app-online-plugin-1-0-23-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53751 – WordPress Build App Online plugin <= 1.0.22 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-53751
28 Nov 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Abdul Hakeem Build App Online allows Cross Site Request Forgery.This issue affects Build App Online: from n/a through 1.0.22. La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Abdul Hakeem Build App Online permite Cross-Site Request Forgery. Este problema afecta a Build App Online: desde n/a hasta 1.0.22. The Build App Online plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.22. This is due to mis... • https://patchstack.com/database/wordpress/plugin/build-app-online/vulnerability/wordpress-build-app-online-plugin-1-0-22-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51478 – WordPress Build App Online plugin <= 1.0.19 - Unauthenticated Account Takeover vulnerability
https://notcve.org/view.php?id=CVE-2023-51478
27 Dec 2023 — Improper Authentication vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This issue affects Build App Online: from n/a through 1.0.19. Una vulnerabilidad de autenticación incorrecta en Abdul Hakeem Build App Online permite la escalada de privilegios. Este problema afecta a Build App Online: desde n/a hasta 1.0.19. The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.21. This is due to missing authentication checking ... • https://patchstack.com/database/vulnerability/build-app-online/wordpress-build-app-online-plugin-1-0-19-unauthenticated-account-takeover-vulnerability?_s_id=cve • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51479 – WordPress Build App Online plugin <= 1.0.19 - Authenticated Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2023-51479
27 Dec 2023 — Improper Privilege Management vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This issue affects Build App Online: from n/a through 1.0.19. Una vulnerabilidad de gestión de privilegios incorrecta en Abdul Hakeem Build App Online permite una escalada de privilegios. Este problema afecta a Build App Online: desde n/a hasta 1.0.19. The Build App Online plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_user_meta' a... • https://patchstack.com/database/vulnerability/build-app-online/wordpress-build-app-online-plugin-1-0-19-authenticated-privilege-escalation-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management CWE-862: Missing Authorization •