cvebase

Hakeemnala Build App Online vulnerabilities

6 known vulnerabilities affecting hakeemnala/build_app_online.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 1, MEDIUM 2

Vulnerabilities

CVE-2023-7264 | P2 | CRITICAL | CVSS 9.8 | ≤ 1.0.22 | 2024-06-11
[CWE-640] The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.22. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing a 4-digit numeric reset code.
Source: nvd
CVE-2025-32577 | P3 | CRITICAL | CVSS 9.8 | ≤ 1.0.23 | 2025-04-11
[CWE-98] Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hakeemnala Build App Online build-app-online allows PHP Local File Inclusion. This issue affects Build App Online: from n/a through <= 1.0.23.
Source: nvd
CVE-2024-49649 | P3 | CRITICAL | CVSS 9.8 | ≤ 1.0.23 | 2025-01-07
[CWE-98] Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hakeemnala Build App Online build-app-online allows PHP Local File Inclusion. This issue affects Build App Online: from n/a through <= 1.0.23.
Source: nvd
CVE-2024-53751 | P3 | HIGH | CVSS 8.8 | ≤ 1.0.23 | 2024-12-02
[CWE-352] Cross-Site Request Forgery (CSRF) vulnerability in hakeemnala Build App Online build-app-online allows Cross Site Request Forgery. This issue affects Build App Online: from n/a through <= 1.0.23.
Source: nvd
CVE-2026-3651 | P3 | MEDIUM | CVSS 5.3 | ≤ 1.0.23 | 2026-03-21
[CWE-862] The Build App Online plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.23. This is due to the plugin registering the 'build-app-online-update-vendor-product' AJAX action via wp_ajax_nopriv_ without proper authentication checks, capability verification, or nonce validation in the update_vendor_product()
Source: nvd
CVE-2025-53249 | P4 | MEDIUM | CVSS 6.5 | ≤ 1.0.23 | 2025-08-14
[CWE-352] Cross-Site Request Forgery (CSRF) vulnerability in hakeemnala Build App Online build-app-online allows Cross Site Request Forgery. This issue affects Build App Online: from n/a through <= 1.0.23.
Source: nvd