WordPress App Builder - Create Native Android & iOS Apps On The Flight plugin <= 5.5.10 - Unauthenticated Limited Privilege Escalation via 'role' Parameter vulnerability
WordPress App Builder - Create Native Android & iOS Apps On The Flight plugin <= 5.5.10 - Unauthenticated Limited Privilege Escalation via 'role' Parameter vulnerability discovered by Gibran Abdillah in WordPress Plugin App Builder versions <= 5.5.10...
WordPress App Builder plugin Improper Access Control Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress App Builder plugin suffers from an improper access control vulnerability that stems from a lack of authorization, and no detailed vulnerability details are provide...
CVE-2024-9302
The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.3.7. This is due to the verifyotpforgotpassword and updatepassword functions not having enough controls to preve...
WordPress App Builder – Create Native Android & iOS Apps On The Flight plugin <= 5.3.7 - Privilege Escalation and Account Takeover via Weak OTP vulnerability
Privilege Escalation and Account Takeover via Weak OTP vulnerability discovered by wesley wcraft in WordPress Plugin App Builder versions <= 5.3.7...
WordPress App Builder Plugin <= 5.3.7 is vulnerable to Broken Authentication
Software: App Builder; Type: Plugin; Vulnerable versions: <= 5.3.7; Fixed in: 5.3.8; OWASP Top 10: A3: Injection; Classification: Broken Authentication; CVE: CVE-2024-9302; Patch priority: High; CVSS severity: High (8.1); PSID: 82e5ff2f8d20; Credits: wesley wcraft; Required privilege...
WordPress App Builder plugin <= 3.8.7 - Open Redirection vulnerability
Open Redirection vulnerability discovered by Yudistira Arya Patchstack Alliance in WordPress Plugin App Builder versions <= 3.8.7...
WordPress App Builder Plugin <= 3.8.7 is vulnerable to Open Redirection
Software: App Builder; Type: Plugin; Vulnerable versions: <= 3.8.7; Fixed in: 3.8.8; OWASP Top 10: A4: Insecure Design; Classification: Open Redirection; CVE: CVE-2024-31282; Patch priority: Low; CVSS severity: Low (4.7); PSID: d4752ee01a2d; Credits: Yudistira Arya; Required privilege...