Improper Authentication vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This issue affects Build App Online: from n/a through 1.0.19.
The error results from improper implementation of the authentication mechanism (CWE-287) and lack of authentication requirements for critical functions (CWE-306). An attacker remotely, without possessing any credentials, can bypass identity verification procedures and gain access to protected resources or plugin functions. As a result, it is possible to take over existing user accounts without their knowledge and consent.
An attacker can perform unauthorized account takeover and escalate their privileges, which in practice can mean gaining full control over a WordPress site, including the administrator account.
Update the Build App Online plugin to a version higher than 1.0.19. If an update is not available, immediately deactivate and remove the plugin, then monitor information from the vendor and the Patchstack database to obtain a patch.
WordPress Build App Online plugin by Abdul Hakeem, versions from the beginning up to and including 1.0.19.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HBuildapp Build App Online
APPBuildapp< 1.0.20
Related vulnerabilities
PHP Local File Inclusion w wtyczce WordPress Build App Online
The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mecha...
Improper Privilege Management vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This ...
Cross-Site Request Forgery (CSRF) vulnerability in hakeemnala Build App Online build-app-online allows Cross S...