Lucene search
K

158 matches found

Nuclei
Nuclei
added 18 hours ago36 views

WordPress Stacks Mobile App Builder <=5.2.3 - Authentication Bypass

Stacks Mobile App Builder WordPress plugin ≤ 5.2.3 suffers from an authentication bypass vulnerability via improper handling of query parameters, allowing attackers to impersonate arbitrary users. id: CVE-2024-50477 info: name: WordPress Stacks Mobile App Builder =5.2.3 - Authentication Bypass...

9.8CVSS6.2AI score0.07959EPSS
Exploits3References4
RedhatCVE
RedhatCVE
added 2026/07/01 1:29 p.m.9 views

CVE-2026-54672

A flaw was found in electron-updater, a component used for automatic updates in Electron applications. This vulnerability arises because AppImage targets, built by app-builder-lib, incorrectly add the current working directory to the dynamic linker search path when setting the LDLIBRARYPATH...

7.8CVSS5.9AI score0.00129EPSS
Exploits0References5
OSV
OSV
added 2026/06/30 10:15 p.m.2 views

CVE-2026-54672 electron-updater: Uncontrolled search path elements within `AppImage` built by `app-builder-lib`

electron-updater allows for automatic updates for Electron apps. Prior to 26.15.0, AppImage targets built by app-builder-lib could use an empty path component when setting the LDLIBRARYPATH environment variable at runtime. This causes the current working directory to be added to the dynamic linke...

7.8CVSS6.2AI score0.00129EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/02 3:36 a.m.36 views

CVE-2026-7638 App Builder <= 5.5.10 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Avatar Modification via 'user_id' Parameter

The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 5.6.0. This is due to missing authorization validation in the uploadavatar function, which accepts an attacker-controlled...

5.3CVSS0.00306EPSS
Exploits0References10
CVE
CVE
added 2026/05/02 3:36 a.m.9 views

CVE-2026-7638

CVE-2026-7638 details : The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress (WordPress plugin) is vulnerable to Insecure Direct Object Reference in all versions up to 5.6.0. The root cause is missing authorization validation in the upload_avatar() function, which...

5.3CVSS5.9AI score0.00306EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/05/02 3:36 a.m.5 views

CVE-2026-7638 App Builder <= 5.5.10 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Avatar Modification via 'user_id' Parameter

The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 5.6.0. This is due to missing authorization validation in the uploadavatar function, which accepts an attacker-controlled...

5.3CVSS5.9AI score0.00306EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/05/02 3:36 a.m.4 views

CVE-2026-7638

The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 5.6.0. This is due to missing authorization validation in the uploadavatar function, which accepts an attacker-controlled...

5.3CVSS5.9AI score0.00306EPSS
Exploits0References11
EUVD
EUVD
added 2026/05/02 3:36 a.m.40 views

EUVD-2026-26732

The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 5.6.0. This is due to missing authorization validation in the uploadavatar function, which accepts an attacker-controlled...

5.3CVSS5.9AI score0.00306EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.12 views

PT-2026-36563

Name of the Vulnerable Software and Affected Versions App Builder – Create Native Android & iOS Apps On The Flight versions prior to 5.6.1 Description An Insecure Direct Object Reference IDOR exists due to missing authorization validation in the upload avatar function. The...

5.3CVSS5.8AI score0.00306EPSS
Exploits0References17
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.10 views

WordPress plugin App Builder – Create Native Android & iOS Apps On The Flight 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to th...

5.3CVSS5.8AI score0.00306EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/01 9:15 a.m.9 views

WordPress WP Data Access – App Builder for Tables, Forms, Charts, Maps & Dashboards plugin <= 5.5.31 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WP Data Access versions = 5.5.31...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:8 p.m.5 views

CVE-2026-2375

The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 5.5.10. This is due to the verifyrole function in AuthTrails.php explicitly whitelisting the wcfmvendor role alongside subscriber and...

6.5CVSS5.8AI score0.0028EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/23 7:5 p.m.6 views

WordPress App Builder - Create Native Android & iOS Apps On The Flight plugin <= 5.5.10 - Unauthenticated Limited Privilege Escalation via 'role' Parameter vulnerability

WordPress App Builder - Create Native Android & iOS Apps On The Flight plugin = 5.5.10 - Unauthenticated Limited Privilege Escalation via 'role' Parameter vulnerability discovered by Gibran Abdillah in WordPress Plugin App Builder versions = 5.5.10...

6.5CVSS5.8AI score0.0028EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/21 6:30 a.m.3 views

EUVD-2026-14012

The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 5.5.10. This is due to the verifyrole function in AuthTrails.php explicitly whitelisting the wcfmvendor role alongside subscriber and...

6.5CVSS5.8AI score0.0028EPSS
Exploits0References4
NVD
NVD
added 2026/03/21 4:16 a.m.4 views

CVE-2026-2375

The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 5.5.10. This is due to the verifyrole function in AuthTrails.php explicitly whitelisting the wcfmvendor role alongside subscriber and...

6.5CVSS0.0028EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/21 3:26 a.m.1 views

CVE-2026-2375 App Builder – Create Native Android & iOS Apps On The Flight <= 5.5.10 - Unauthenticated Privilege Escalation via 'role' Parameter

The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 5.5.10. This is due to the verifyrole function in AuthTrails.php explicitly whitelisting the wcfmvendor role alongside subscriber and...

6.5CVSS5.8AI score0.0028EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:26 a.m.4 views

CVE-2026-2375

The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 5.5.10. This is due to the verifyrole function in AuthTrails.php explicitly whitelisting the wcfmvendor role alongside subscriber and...

6.5CVSS5.8AI score0.0028EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/21 3:26 a.m.30 views

CVE-2026-2375 App Builder – Create Native Android & iOS Apps On The Flight <= 5.5.10 - Unauthenticated Privilege Escalation via 'role' Parameter

The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 5.5.10. This is due to the verifyrole function in AuthTrails.php explicitly whitelisting the wcfmvendor role alongside subscriber and...

6.5CVSS0.0028EPSS
Exploits0References3
CVE
CVE
added 2026/03/21 3:26 a.m.10 views

CVE-2026-2375

The CVE covers the App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress. Affected: plugin version range up to 5.5.10 on WordPress sites using WCFM Marketplace. Root cause: verify_role() in AuthTrails.php explicitly whitelists the wcfm_vendor role alongside subscriber ...

6.5CVSS5.8AI score0.0028EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/21 12:0 a.m.8 views

WordPress plugin App Builder – Create Native Android & iOS Apps On The Flight 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension that can ...

6.5CVSS5.8AI score0.0028EPSS
Exploits0References3
Rows per page
Query Builder