Buildapp: >> Build App Online >> 1.0.18 Security Vulnerabilities
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Abdul Hakeem Build App Online allows PHP Local File Inclusion.This issue affects Build App Online: from n/a through 1.0.23.
CVSS Score
9.8
EPSS Score
0.006
Published
2025-01-07
Cross-Site Request Forgery (CSRF) vulnerability in Abdul Hakeem Build App Online allows Cross Site Request Forgery.This issue affects Build App Online: from n/a through 1.0.22.
CVSS Score
5.4
EPSS Score
0.0
Published
2024-12-02
The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing an 4-digit numeric reset code.
CVSS Score
8.1
EPSS Score
0.009
Published
2024-06-11
Improper Privilege Management vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This issue affects Build App Online: from n/a through 1.0.19.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-05-17
Improper Authentication vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This issue affects Build App Online: from n/a through 1.0.19.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-04-25