Vulnerabilities > Buildapp > Build APP Online > 1.0.20

DATE CVE VULNERABILITY TITLE RISK
2025-01-07 CVE-2024-49649 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Buildapp Build APP Online
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Abdul Hakeem Build App Online allows PHP Local File Inclusion.This issue affects Build App Online: from n/a through 1.0.23.
network
low complexity
buildapp CWE-829
critical
 9.8
9.8
2024-12-02 CVE-2024-53751 Cross-Site Request Forgery (CSRF) vulnerability in Buildapp Build APP Online
Cross-Site Request Forgery (CSRF) vulnerability in Abdul Hakeem Build App Online allows Cross Site Request Forgery.This issue affects Build App Online: from n/a through 1.0.22.
network
low complexity
buildapp CWE-352
8.8
8.8
2024-06-11 CVE-2023-7264 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Buildapp Build APP Online
The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.21.
network
low complexity
buildapp CWE-640
critical
 9.8
9.8