CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2023-51478

CVSS 9.8v3.1pub. 2024-04-25upd. 2026-04-28

Improper Authentication vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This issue affects Build App Online: from n/a through 1.0.19.

🤖 AI Analysis
How it works

The error results from improper implementation of the authentication mechanism (CWE-287) and lack of authentication requirements for critical functions (CWE-306). An attacker remotely, without possessing any credentials, can bypass identity verification procedures and gain access to protected resources or plugin functions. As a result, it is possible to take over existing user accounts without their knowledge and consent.

Impact

An attacker can perform unauthorized account takeover and escalate their privileges, which in practice can mean gaining full control over a WordPress site, including the administrator account.

Mitigation & patch

Update the Build App Online plugin to a version higher than 1.0.19. If an update is not available, immediately deactivate and remove the plugin, then monitor information from the vendor and the Patchstack database to obtain a patch.

Who is affected

WordPress Build App Online plugin by Abdul Hakeem, versions from the beginning up to and including 1.0.19.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Buildapp Build App Online

    APP
    Buildapp
    < 1.0.20
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
LPEAuth Bypass
CWE
References

Related vulnerabilities

CVE-2024-49649CRITICAL9.8PL ✓ten sam produkt

PHP Local File Inclusion w wtyczce WordPress Build App Online

CVE-2023-7264HIGH8.1ten sam produkt

The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mecha...

CVE-2023-51479HIGH8.8ten sam produkt

Improper Privilege Management vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This ...

CVE-2024-53751MEDIUM5.4ten sam produkt

Cross-Site Request Forgery (CSRF) vulnerability in hakeemnala Build App Online build-app-online allows Cross S...