CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

74 matches found

Patchstack•added 2026/03/23 6:17 p.m.•3 views

WordPress Build App Online plugin <= 1.0.23 - Missing Authorization to Arbitrary Post Author Modification via 'build-app-online-update-vendor-product' AJAX Action vulnerability

Missing Authorization to Arbitrary Post Author Modification via 'build-app-online-update-vendor-product' AJAX Action vulnerability discovered by WordFence in WordPress Plugin Build App Online versions = 1.0.23...

5.3CVSS5.8AI score0.00305EPSS

Exploits0References1Affected Software1

NVD•added 2026/03/21 4:17 a.m.•4 views

CVE-2026-3651

The Build App Online plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.23. This is due to the plugin registering the 'build-app-online-update-vendor-product' AJAX action via wpajaxnopriv without proper authentication checks, capability verificatio...

5.3CVSS0.00305EPSS

Exploits0References7

Vulnrichment•added 2026/03/21 3:26 a.m.•1 views

CVE-2026-3651 Build App Online <= 1.0.23 - Missing Authorization to Arbitrary Post Author Modification via 'build-app-online-update-vendor-product' AJAX Action

5.3CVSS5.9AI score0.00305EPSS

Exploits0References7

ATTACKERKB•added 2026/03/21 3:26 a.m.•5 views

CVE-2026-3651

5.3CVSS5.9AI score0.00305EPSS

Exploits0References8

CVE•added 2026/03/21 3:26 a.m.•11 views

CVE-2026-3651

The CVE affects the Build App Online WordPress plugin (

5.3CVSS5.9AI score0.00305EPSS

Exploits0References7

Cvelist•added 2026/03/21 3:26 a.m.•29 views

CVE-2026-3651 Build App Online <= 1.0.23 - Missing Authorization to Arbitrary Post Author Modification via 'build-app-online-update-vendor-product' AJAX Action

5.3CVSS0.00305EPSS

Exploits0References7

Positive Technologies•added 2026/03/21 12:0 a.m.•5 views

PT-2026-26865

The Build App Online plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.23. This is due to the plugin registering the 'build-app-online-update-vendor-product' AJAX action via wp ajax nopriv without proper authentication checks, capability...

5.3CVSS5.9AI score0.00305EPSS

Exploits0References8

CNNVD•added 2026/03/21 12:0 a.m.•6 views

WordPress plugin Build App Online 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.3CVSS5.9AI score0.00305EPSS

Exploits0References7

Patchstack•added 2026/02/17 6:37 a.m.•10 views

WordPress Build App Online plugin <= 1.0.22 - Account Takeover via Weak Password Reset Mechanism vulnerability

Account Takeover via Weak Password Reset Mechanism vulnerability discovered by Ram - Wordfence in WordPress Plugin Build App Online versions = 1.0.22...

9.8CVSS5.5AI score0.00621EPSS

Exploits0References1Affected Software1