cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-11024,https://securityvulnerability.io/vulnerability/CVE-2024-11024,Potential Privilege Escalation Vulnerability in AppPresser Mobile App Framework Plugin for WordPress,"The AppPresser Mobile App Framework plugin for WordPress has a vulnerability that enables privilege escalation through account takeover. In versions up to and including 4.4.6, the plugin fails to correctly validate a user's password reset code before allowing a password update. This oversight permits unauthorized attackers, who possess a user's email address, to reset the user's password and potentially gain access to their account. This vulnerability underscores the need for robust security measures to properly validate user actions and safeguard personal information.",Wordpress,Apppresser – Mobile App Framework,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,2024-11-26T11:04:29.624Z,0
CVE-2024-9305,https://securityvulnerability.io/vulnerability/CVE-2024-9305,Unauthorized Password Reset Vulnerability in AppPresser's Mobile App Framework,"The AppPresser – Mobile App Framework plugin for WordPress has a vulnerability that allows for privilege escalation through account takeover. This issue affects all versions up to and including 4.4.4. The root cause lies in the insufficient controls of the appp_reset_password() and validate_reset_password() functions. These functions can be exploited by unauthenticated attackers to generate and brute force a one-time password (OTP) for maliciously altering user passwords, including those of administrators. This serious security flaw highlights the importance of implementing robust mechanisms to verify the authenticity of password reset requests.",Wordpress,Apppresser – Mobile App Framework,8.1,HIGH,0.0006300000241026282,false,,false,false,false,,false,false,2024-10-16T02:05:04.962Z,0
CVE-2024-4611,https://securityvulnerability.io/vulnerability/CVE-2024-4611,"Unauthenticated attackers can log in as any existing user on the site, including administrators, via the plugin API","The AppPresser plugin for WordPress has a vulnerability related to improper missing encryption exception handling in the 'decrypt_value' and 'doCookieAuth' functions. All versions up to and including 4.3.2 are affected. This vulnerability permits unauthenticated attackers to gain access as any existing user, including administrative accounts, provided the user previously logged in through the plugin API. The exploitation of this vulnerability is contingent upon the absence of the 'openssl' PHP extension on the server, which can potentially leave sites exposed to unauthorized access and compromise.",Wordpress,Apppresser – Mobile App Framework,8.1,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-29T04:30:14.177Z,0
CVE-2023-4214,https://securityvulnerability.io/vulnerability/CVE-2023-4214,Unauthorized Password Reset Vulnerability in AppPresser Plugin for WordPress,"The AppPresser plugin for WordPress is susceptible to unauthorized password resets due to weak reset code generation. This vulnerability affects versions up to and including 4.2.5, where the reset code lacks sufficient complexity and is not time-limited. As a result, attackers can exploit this weakness to reset user passwords without proper authentication, posing a significant security risk to affected WordPress sites.",Wordpress,Apppresser – Mobile App Framework,8.1,HIGH,0.001550000044517219,false,,false,false,false,,false,false,2023-11-18T02:15:00.000Z,0