Vulnerabilites related to apppresser - apppresser
Vulnerability from fkie_nvd
Published
2023-11-18 02:15
Modified
2024-11-21 08:34
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apppresser | apppresser | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apppresser:apppresser:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "AD310E2F-6759-441A-B798-456927C53D2E",
"versionEndExcluding": "4.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit."
},
{
"lang": "es",
"value": "El complemento AppPresser para WordPress es vulnerable a restablecimientos de contrase\u00f1a no autorizados en versiones hasta la 4.2.5 incluida. Esto se debe a que el complemento genera un c\u00f3digo de restablecimiento demasiado d\u00e9bil y el c\u00f3digo utilizado para restablecer la contrase\u00f1a no tiene l\u00edmite de intento ni de tiempo."
}
],
"id": "CVE-2023-4214",
"lastModified": "2024-11-21T08:34:38.240",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "security@wordfence.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-18T02:15:49.040",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_API_Limit.php?rev=2997182"
},
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_WPAPI_Mods.php#L567"
},
{
"source": "security@wordfence.com",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/2997160/apppresser"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4c44c36a-c4c7-49c2-b750-1589e7840dde?source=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_API_Limit.php?rev=2997182"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_WPAPI_Mods.php#L567"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/2997160/apppresser"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4c44c36a-c4c7-49c2-b750-1589e7840dde?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-640"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-16 02:15
Modified
2025-05-17 02:49
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.4. This is due to the appp_reset_password() and validate_reset_password() functions not having enough controls to prevent a successful brute force attack of the OTP to change a password, or verify that a password reset request came from an authorized user. This makes it possible for unauthenticated attackers to generate and brute force an OTP that makes it possible to change any users passwords, including an administrator.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apppresser | apppresser | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apppresser:apppresser:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "A4E4D62C-536A-42F0-975F-B4DB5BAD7B1D",
"versionEndExcluding": "4.4.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The AppPresser \u2013 Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.4. This is due to the appp_reset_password() and validate_reset_password() functions not having enough controls to prevent a successful brute force attack of the OTP to change a password, or verify that a password reset request came from an authorized user. This makes it possible for unauthenticated attackers to generate and brute force an OTP that makes it possible to change any users passwords, including an administrator."
},
{
"lang": "es",
"value": "El complemento AppPresser \u2013 Mobile App Framework para WordPress es vulnerable a la escalada de privilegios mediante la apropiaci\u00f3n de cuentas en todas las versiones hasta la 4.4.4 incluida. Esto se debe a que las funciones appp_reset_password() y validation_reset_password() no tienen suficientes controles para evitar un ataque de fuerza bruta exitoso de la OTP para cambiar una contrase\u00f1a o verificar que una solicitud de restablecimiento de contrase\u00f1a provino de un usuario autorizado. Esto hace posible que atacantes no autenticados generen y usen la fuerza bruta para generar una OTP que permita cambiar la contrase\u00f1a de cualquier usuario, incluido un administrador."
}
],
"id": "CVE-2024-9305",
"lastModified": "2025-05-17T02:49:17.100",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "security@wordfence.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-16T02:15:07.050",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/apppresser/tags/4.4.4/inc/AppPresser_Ajax_Extras.php#L31"
},
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/apppresser/tags/4.4.4/inc/AppPresser_WPAPI_Mods.php#L92"
},
{
"source": "security@wordfence.com",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3168744%40apppresser\u0026new=3168744%40apppresser\u0026sfp_email=\u0026sfph_mail="
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/45647fa6-a98d-4eb4-a287-f523e434688b?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-640"
}
],
"source": "security@wordfence.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-03-13 05:15
Modified
2025-05-26 02:14
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 4.4.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages when logging is enabled that will execute whenever a user accesses an injected page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apppresser | apppresser | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apppresser:apppresser:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "DF8BF0BE-8522-4919-AB8E-32B793EE1FEC",
"versionEndExcluding": "4.4.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The AppPresser \u2013 Mobile App Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u0027title\u0027 parameter in all versions up to, and including, 4.4.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages when logging is enabled that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento AppPresser \u2013 Mobile App Framework para WordPress es vulnerable a cross site scripting almacenado a trav\u00e9s del par\u00e1metro \u0027title\u0027 en todas las versiones hasta la 4.4.10 incluida, debido a una depuraci\u00f3n de entrada y al escape de salida insuficiente. Esto permite que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas con el registro habilitado, que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"id": "CVE-2025-1561",
"lastModified": "2025-05-26T02:14:52.170",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7,
"source": "security@wordfence.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-03-13T05:15:27.890",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/apppresser/tags/4.4.10/templates/template.php#L32"
},
{
"source": "security@wordfence.com",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/3254632/apppresser/tags/4.4.11/inc/AppPresser_Log_Admin.php?old=3219464\u0026old_path=apppresser%2Ftags%2F4.4.10%2Finc%2FAppPresser_Log_Admin.php"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/77328e35-b6e6-40eb-8c85-896d54419aef?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@wordfence.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-26 11:21
Modified
2025-06-05 17:01
Severity ?
Summary
The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.6. This is due to the plugin not properly validating a user's password reset code prior to updating their password. This makes it possible for unauthenticated attackers, with knowledge of a user's email address, to reset the user's password and gain access to their account.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apppresser | apppresser | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apppresser:apppresser:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "0AFA693B-777E-4CFB-9C92-A1C69CA63D78",
"versionEndExcluding": "4.4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The AppPresser \u2013 Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.6. This is due to the plugin not properly validating a user\u0027s password reset code prior to updating their password. This makes it possible for unauthenticated attackers, with knowledge of a user\u0027s email address, to reset the user\u0027s password and gain access to their account."
},
{
"lang": "es",
"value": "El complemento AppPresser \u2013 Mobile App Framework para WordPress es vulnerable a la escalada de privilegios mediante la apropiaci\u00f3n de cuentas en todas las versiones hasta la 4.4.6 incluida. Esto se debe a que el complemento no valida correctamente el c\u00f3digo de restablecimiento de contrase\u00f1a de un usuario antes de actualizar su contrase\u00f1a. Esto hace posible que atacantes no autenticados, con conocimiento de la direcci\u00f3n de correo electr\u00f3nico de un usuario, restablezcan la contrase\u00f1a del usuario y obtengan acceso a su cuenta."
}
],
"id": "CVE-2024-11024",
"lastModified": "2025-06-05T17:01:36.433",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security@wordfence.com",
"type": "Secondary"
}
]
},
"published": "2024-11-26T11:21:58.660",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/3192531/apppresser"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/43cb0399-4add-43d5-863c-30e11803bd90?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-230"
}
],
"source": "security@wordfence.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-12 13:15
Modified
2025-05-27 16:00
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through 4.3.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apppresser | apppresser | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apppresser:apppresser:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "4DD1E947-09EF-47F3-ACD1-42F9CB726CA5",
"versionEndExcluding": "4.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through 4.3.0.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en AppPresser Team AppPresser. Este problema afecta a AppPresser: desde n/a hasta 4.3.0."
}
],
"id": "CVE-2024-31268",
"lastModified": "2025-05-27T16:00:59.923",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "audit@patchstack.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-12T13:15:17.303",
"references": [
{
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/apppresser/wordpress-apppresser-plugin-4-3-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/apppresser/wordpress-apppresser-plugin-4-3-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"sourceIdentifier": "audit@patchstack.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "audit@patchstack.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-15 11:15
Modified
2025-05-27 16:21
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through 4.3.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apppresser | apppresser | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apppresser:apppresser:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "4DD1E947-09EF-47F3-ACD1-42F9CB726CA5",
"versionEndExcluding": "4.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through 4.3.0.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en AppPresser Team AppPresser. Este problema afecta a AppPresser: desde n/a hasta 4.3.0."
}
],
"id": "CVE-2024-31374",
"lastModified": "2025-05-27T16:21:35.533",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "audit@patchstack.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-15T11:15:09.100",
"references": [
{
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/apppresser/wordpress-apppresser-mobile-app-framework-plugin-4-3-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/apppresser/wordpress-apppresser-mobile-app-framework-plugin-4-3-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"sourceIdentifier": "audit@patchstack.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "audit@patchstack.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-14 15:37
Modified
2025-06-09 20:52
Severity ?
Summary
Missing Authorization vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through 4.3.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apppresser | apppresser | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apppresser:apppresser:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "4DD1E947-09EF-47F3-ACD1-42F9CB726CA5",
"versionEndExcluding": "4.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through 4.3.0.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en AppPresser Team AppPresser. Este problema afecta a AppPresser: desde n/a hasta 4.3.0."
}
],
"id": "CVE-2024-32776",
"lastModified": "2025-06-09T20:52:21.977",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "audit@patchstack.com",
"type": "Secondary"
}
]
},
"published": "2024-05-14T15:37:06.697",
"references": [
{
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/apppresser/wordpress-apppresser-plugin-4-3-0-broken-access-control-vulnerability?_s_id=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/apppresser/wordpress-apppresser-plugin-4-3-0-broken-access-control-vulnerability?_s_id=cve"
}
],
"sourceIdentifier": "audit@patchstack.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "audit@patchstack.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-29 05:16
Modified
2025-06-05 20:48
Severity ?
Summary
The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they previously used the login via the plugin API. This can only be exploited if the 'openssl' php extension is not loaded on the server.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apppresser | apppresser | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apppresser:apppresser:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "A5532E6B-4C82-48CE-A6EA-8A3C472F9900",
"versionEndExcluding": "4.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the \u0027decrypt_value\u0027 and on the \u0027doCookieAuth\u0027 functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they previously used the login via the plugin API. This can only be exploited if the \u0027openssl\u0027 php extension is not loaded on the server."
},
{
"lang": "es",
"value": "El complemento AppPresser para WordPress es vulnerable a un manejo inadecuado de excepciones de cifrado faltantes en las funciones \u0027decrypt_value\u0027 y \u0027doCookieAuth\u0027 en todas las versiones hasta la 4.3.2 incluida. Esto hace posible que atacantes no autenticados inicien sesi\u00f3n como cualquier usuario existente en el sitio, como un administrador, si previamente utilizaron el inicio de sesi\u00f3n a trav\u00e9s de la API del complemento. Esto s\u00f3lo puede explotarse si la extensi\u00f3n PHP \u0027openssl\u0027 no est\u00e1 cargada en el servidor."
}
],
"id": "CVE-2024-4611",
"lastModified": "2025-06-05T20:48:12.453",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "security@wordfence.com",
"type": "Secondary"
}
]
},
"published": "2024-05-29T05:16:08.603",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_Theme_Switcher.php?rev=2456516#L133"
},
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_Theme_Switcher.php?rev=2456516#L167"
},
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_User.php?rev=2789173#L40"
},
{
"source": "security@wordfence.com",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/3093975/apppresser"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d1498fdf-9d5e-4277-92be-469d6646864b?source=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_Theme_Switcher.php?rev=2456516#L133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_Theme_Switcher.php?rev=2456516#L167"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_User.php?rev=2789173#L40"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/3093975/apppresser"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d1498fdf-9d5e-4277-92be-469d6646864b?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-11024 (GCVE-0-2024-11024)
Vulnerability from cvelistv5
Published
2024-11-26 11:04
Modified
2024-11-26 16:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-230 - Improper Handling of Missing Values
Summary
The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.6. This is due to the plugin not properly validating a user's password reset code prior to updating their password. This makes it possible for unauthenticated attackers, with knowledge of a user's email address, to reset the user's password and gain access to their account.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| scottopolis | AppPresser – Mobile App Framework |
Version: * ≤ 4.4.6 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apppresser:apppresser:-:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unaffected",
"product": "apppresser",
"vendor": "apppresser",
"versions": [
{
"lessThanOrEqual": "4.4.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11024",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T16:10:27.394922Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T16:12:10.472Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AppPresser \u2013 Mobile App Framework",
"vendor": "scottopolis",
"versions": [
{
"lessThanOrEqual": "4.4.6",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Khayal Farzaliyev"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AppPresser \u2013 Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.6. This is due to the plugin not properly validating a user\u0027s password reset code prior to updating their password. This makes it possible for unauthenticated attackers, with knowledge of a user\u0027s email address, to reset the user\u0027s password and gain access to their account."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-230",
"description": "CWE-230 Improper Handling of Missing Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T11:04:29.624Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/43cb0399-4add-43d5-863c-30e11803bd90?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3192531/apppresser"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-08T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2024-11-25T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "AppPresser \u2013 Mobile App Framework \u003c= 4.4.6 - Unauthenticated Privilege Escalation via Password Reset"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-11024",
"datePublished": "2024-11-26T11:04:29.624Z",
"dateReserved": "2024-11-08T13:58:15.145Z",
"dateUpdated": "2024-11-26T16:12:10.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31268 (GCVE-0-2024-31268)
Vulnerability from cvelistv5
Published
2024-04-12 12:42
Modified
2024-08-02 01:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through 4.3.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AppPresser Team | AppPresser |
Version: n/a < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31268",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T19:45:34.148519Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T13:09:42.770Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:46:05.160Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/apppresser/wordpress-apppresser-plugin-4-3-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "apppresser",
"product": "AppPresser",
"vendor": "AppPresser Team",
"versions": [
{
"changes": [
{
"at": "4.3.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.3.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Dhabaleshwar Das (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser.\u003cp\u003eThis issue affects AppPresser: from n/a through 4.3.0.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through 4.3.0.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-12T12:42:17.953Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/apppresser/wordpress-apppresser-plugin-4-3-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.3.1 or a higher version."
}
],
"value": "Update to 4.3.1 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress AppPresser plugin \u003c= 4.3.0 - Cross Site Request Forgery (CSRF) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-31268",
"datePublished": "2024-04-12T12:42:17.953Z",
"dateReserved": "2024-03-29T16:02:17.799Z",
"dateUpdated": "2024-08-02T01:46:05.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9305 (GCVE-0-2024-9305)
Vulnerability from cvelistv5
Published
2024-10-16 02:05
Modified
2024-10-16 13:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
Summary
The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.4. This is due to the appp_reset_password() and validate_reset_password() functions not having enough controls to prevent a successful brute force attack of the OTP to change a password, or verify that a password reset request came from an authorized user. This makes it possible for unauthenticated attackers to generate and brute force an OTP that makes it possible to change any users passwords, including an administrator.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| scottopolis | AppPresser – Mobile App Framework |
Version: * ≤ 4.4.4 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apppresser:apppresser:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unaffected",
"product": "apppresser",
"vendor": "apppresser",
"versions": [
{
"lessThanOrEqual": "4.4.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9305",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T13:31:56.206529Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T13:35:08.179Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AppPresser \u2013 Mobile App Framework",
"vendor": "scottopolis",
"versions": [
{
"lessThanOrEqual": "4.4.4",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "wesley"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AppPresser \u2013 Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.4. This is due to the appp_reset_password() and validate_reset_password() functions not having enough controls to prevent a successful brute force attack of the OTP to change a password, or verify that a password reset request came from an authorized user. This makes it possible for unauthenticated attackers to generate and brute force an OTP that makes it possible to change any users passwords, including an administrator."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T02:05:04.962Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/45647fa6-a98d-4eb4-a287-f523e434688b?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/apppresser/tags/4.4.4/inc/AppPresser_Ajax_Extras.php#L31"
},
{
"url": "https://plugins.trac.wordpress.org/browser/apppresser/tags/4.4.4/inc/AppPresser_WPAPI_Mods.php#L92"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3168744%40apppresser\u0026new=3168744%40apppresser\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-15T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "AppPresser \u2013 Mobile App Framework \u003c= 4.4.4 - Privilege Escalation and Account Takeover via Weak OTP"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-9305",
"datePublished": "2024-10-16T02:05:04.962Z",
"dateReserved": "2024-09-27T17:38:50.213Z",
"dateUpdated": "2024-10-16T13:35:08.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4611 (GCVE-0-2024-4611)
Vulnerability from cvelistv5
Published
2024-05-29 04:30
Modified
2024-08-01 20:47
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they previously used the login via the plugin API. This can only be exploited if the 'openssl' php extension is not loaded on the server.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| scottopolis | AppPresser – Mobile App Framework |
Version: * ≤ 4.3.2 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apppresser:apppresser:-:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "apppresser",
"vendor": "apppresser",
"versions": [
{
"lessThanOrEqual": "4.3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4611",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-30T15:40:42.572321Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:56:31.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:47:41.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d1498fdf-9d5e-4277-92be-469d6646864b?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_User.php?rev=2789173#L40"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_Theme_Switcher.php?rev=2456516#L167"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_Theme_Switcher.php?rev=2456516#L133"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3093975/apppresser"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AppPresser \u2013 Mobile App Framework",
"vendor": "scottopolis",
"versions": [
{
"lessThanOrEqual": "4.3.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the \u0027decrypt_value\u0027 and on the \u0027doCookieAuth\u0027 functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they previously used the login via the plugin API. This can only be exploited if the \u0027openssl\u0027 php extension is not loaded on the server."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T04:30:14.177Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d1498fdf-9d5e-4277-92be-469d6646864b?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_User.php?rev=2789173#L40"
},
{
"url": "https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_Theme_Switcher.php?rev=2456516#L167"
},
{
"url": "https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_Theme_Switcher.php?rev=2456516#L133"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3093975/apppresser"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-07T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2024-05-07T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2024-05-28T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "AppPresser \u003c= 4.3.2 - Improper Missing Encryption Exception Handling to Authentication Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-4611",
"datePublished": "2024-05-29T04:30:14.177Z",
"dateReserved": "2024-05-07T14:59:27.872Z",
"dateUpdated": "2024-08-01T20:47:41.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1561 (GCVE-0-2025-1561)
Vulnerability from cvelistv5
Published
2025-03-13 04:21
Modified
2025-03-17 21:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 4.4.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages when logging is enabled that will execute whenever a user accesses an injected page.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| scottopolis | AppPresser – Mobile App Framework |
Version: * ≤ 4.4.10 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1561",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-17T21:26:18.139339Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T21:29:01.895Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AppPresser \u2013 Mobile App Framework",
"vendor": "scottopolis",
"versions": [
{
"lessThanOrEqual": "4.4.10",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "wesley"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AppPresser \u2013 Mobile App Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u0027title\u0027 parameter in all versions up to, and including, 4.4.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages when logging is enabled that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T04:21:05.201Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/77328e35-b6e6-40eb-8c85-896d54419aef?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/apppresser/tags/4.4.10/templates/template.php#L32"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3254632/apppresser/tags/4.4.11/inc/AppPresser_Log_Admin.php?old=3219464\u0026old_path=apppresser%2Ftags%2F4.4.10%2Finc%2FAppPresser_Log_Admin.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-12T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "AppPresser \u2013 Mobile App Framework \u003c= 4.4.10 - Unauthenticated Stored Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-1561",
"datePublished": "2025-03-13T04:21:05.201Z",
"dateReserved": "2025-02-21T16:49:20.221Z",
"dateUpdated": "2025-03-17T21:29:01.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4214 (GCVE-0-2023-4214)
Vulnerability from cvelistv5
Published
2023-11-18 01:54
Modified
2024-11-19 18:48
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| scottopolis | AppPresser – Mobile App Framework |
Version: * ≤ 4.2.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:12.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4c44c36a-c4c7-49c2-b750-1589e7840dde?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_WPAPI_Mods.php#L567"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2997160/apppresser"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_API_Limit.php?rev=2997182"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apppresser:apppresser:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "apppresser",
"vendor": "apppresser",
"versions": [
{
"lessThan": "4.3,0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4214",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T20:50:57.152920Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T18:48:41.682Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AppPresser \u2013 Mobile App Framework",
"vendor": "scottopolis",
"versions": [
{
"lessThanOrEqual": "4.2.5",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-620 Unverified Password Change",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-18T01:54:34.583Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4c44c36a-c4c7-49c2-b750-1589e7840dde?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_WPAPI_Mods.php#L567"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2997160/apppresser"
},
{
"url": "https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_API_Limit.php?rev=2997182"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-08-07T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-08-07T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2023-11-16T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-4214",
"datePublished": "2023-11-18T01:54:34.583Z",
"dateReserved": "2023-08-07T18:54:22.417Z",
"dateUpdated": "2024-11-19T18:48:41.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31374 (GCVE-0-2024-31374)
Vulnerability from cvelistv5
Published
2024-04-15 10:23
Modified
2024-08-08 19:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through 4.3.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AppPresser Team | AppPresser |
Version: n/a < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/apppresser/wordpress-apppresser-mobile-app-framework-plugin-4-3-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apppresser:apppresser:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unaffected",
"product": "apppresser",
"vendor": "apppresser",
"versions": [
{
"lessThanOrEqual": "4.3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31374",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-15T13:10:56.558299Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T19:12:46.296Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "apppresser",
"product": "AppPresser",
"vendor": "AppPresser Team",
"versions": [
{
"changes": [
{
"at": "4.3.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.3.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mika (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser.\u003cp\u003eThis issue affects AppPresser: from n/a through 4.3.0.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through 4.3.0.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-15T10:23:56.789Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/apppresser/wordpress-apppresser-mobile-app-framework-plugin-4-3-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.3.1 or a higher version."
}
],
"value": "Update to 4.3.1 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress AppPresser \u2013 Mobile App Framework plugin \u003c= 4.3.0 - Cross Site Request Forgery (CSRF) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-31374",
"datePublished": "2024-04-15T10:23:56.789Z",
"dateReserved": "2024-04-01T06:51:34.353Z",
"dateUpdated": "2024-08-08T19:12:46.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32776 (GCVE-0-2024-32776)
Vulnerability from cvelistv5
Published
2024-05-10 08:43
Modified
2024-08-02 02:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
Missing Authorization vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through 4.3.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AppPresser Team | AppPresser |
Version: n/a < |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apppresser:apppresser:-:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "apppresser",
"vendor": "apppresser",
"versions": [
{
"lessThanOrEqual": "4.3.0",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32776",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T16:57:35.567398Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:51:45.238Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:20:35.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/apppresser/wordpress-apppresser-plugin-4-3-0-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "apppresser",
"product": "AppPresser",
"vendor": "AppPresser Team",
"versions": [
{
"changes": [
{
"at": "4.3.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.3.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mika (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in AppPresser Team AppPresser.\u003cp\u003eThis issue affects AppPresser: from n/a through 4.3.0.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through 4.3.0.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-10T08:43:20.348Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/apppresser/wordpress-apppresser-plugin-4-3-0-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.3.1 or a higher version."
}
],
"value": "Update to 4.3.1 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress AppPresser plugin \u003c= 4.3.0 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-32776",
"datePublished": "2024-05-10T08:43:20.348Z",
"dateReserved": "2024-04-18T09:15:05.276Z",
"dateUpdated": "2024-08-02T02:20:35.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}