WordPress plugin App Builder 授权问题漏洞

🗓️ 25 Oct 2024 00:00:00Reported by China National Vulnerability Database of Information SecurityType

cnnvd

cnnvd🔗 www.cnnvd.org.cn👁 1 Views

Authorization vulnerability in WordPress App Builder plugin up to 5.3.7 enables account takeover.

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2024-9302	25 Oct 202410:23	–	circl
CVE	CVE-2024-9302	25 Oct 202406:51	–	cve
Cvelist	CVE-2024-9302 App Builder – Create Native Android & iOS Apps On The Flight <= 5.3.7 - Privilege Escalation and Account Takeover via Weak OTP	25 Oct 202406:51	–	cvelist
EUVD	EUVD-2024-49847	3 Oct 202520:07	–	euvd
NVD	CVE-2024-9302	25 Oct 202407:15	–	nvd
Patchstack	WordPress App Builder – Create Native Android & iOS Apps On The Flight plugin <= 5.3.7 - Privilege Escalation and Account Takeover via Weak OTP vulnerability	24 Oct 202421:52	–	patchstack
Patchstack	WordPress App Builder Plugin <= 5.3.7 is vulnerable to Broken Authentication	24 Oct 202400:00	–	patchstack
Positive Technologies	PT-2024-39557 · WordPress · The App Builder – Create Native Android & Ios Apps On The Flight	25 Oct 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-9302	5 Feb 202504:28	–	redhatcve
Vulnrichment	CVE-2024-9302 App Builder – Create Native Android & iOS Apps On The Flight <= 5.3.7 - Privilege Escalation and Account Takeover via Weak OTP	25 Oct 202406:51	–	vulnrichment

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/0eb9d676-4fa0-4bdc-af44-5d7e1dd8c6e6
plugins	www.plugins.trac.wordpress.org/browser/app-builder/tags/5.3.1/includes/Di/Service/Auth/ForgotPassword.php
plugins	www.plugins.trac.wordpress.org/browser/app-builder/tags/5.3.1/includes/Di/Service/Auth/ForgotPassword.php
plugins	www.plugins.trac.wordpress.org/changeset/3161215/

31 Dec 2025 00:00Current

6.9Medium risk

Vulners AI Score6.9

CVSS 3.18.1 - 9.8

EPSS0.00715

SSVC

WordPress App Builder plugin authorization vulnerability