3 matches found
CVE-2024-7651
CVE-2024-7651 affects the WordPress plugin “App Builder – Create Native Android & iOS Apps On The Flight”. The vulnerability is an unauthenticated limited SQL injection via the app-builder-search parameter in versions up to 4.2.6, caused by insufficient escaping and lack of proper query preparati...
CVE-2024-31282
CVE-2024-31282 is an Open Redirect vulnerability in App Builder (WordPress/plugin), affecting versions from n/a up to 3.8.7. The issue is described as a URL redirection to an untrusted site. Reports in connected docs confirm the vulnerability type and affected range; a patched release exists, and...
CVE-2024-9302
CVE-2024-9302 affects the WordPress plugin App Builder – Create Native Android & iOS Apps On The Flight, versions up to 5.3.7. The vulnerability enables privilege escalation/account takeover via weak OTP handling in verify_otp_forgot_password() and update_password(), allowing unauthenticated atta...