Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2026-03-23
CVE-2026-3651 - Build App Online Plugin
The Build App Online plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.23. This is due to the plugin registering the 'build-app-online-update-vendor-product' AJAX action via wp_ajax_nopriv_ without proper authentication checks, capability verification, or nonce validation in the update_vendor_product() function. The function accepts a user-supplied post ID from the request and calls wp_update_post() to modify the post_author field without validating whether the user has permission to modify the specified post. This makes it possible for unauthenticated attackers to modify the post_author of arbitrary posts…
PLUGIN
Build App Online
CVE-2026-3651
Risk Score
Threat Entry
Updated 2025-02-05
CVE-2023-7264 - Build App Online Plugin
The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing an 4-digit numeric reset code.
PLUGIN
Build App Online
CVE-2023-7264
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-4186 - Build App Online Plugin
The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.5. This is due to the 'eb_user_email_verification_key' default value is empty, and the not empty check is missing in the 'eb_user_email_verify' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. This can only be exploited if the 'Email Verification' setting is enabled.
PLUGIN
Build App Online
CVE-2024-4186
Risk Score