Vulnerabilities > Buildapp > Critical

DATE CVE VULNERABILITY TITLE RISK
2025-01-07 CVE-2024-49649 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Buildapp Build APP Online
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Abdul Hakeem Build App Online allows PHP Local File Inclusion.This issue affects Build App Online: from n/a through 1.0.23.
network
low complexity
buildapp CWE-829
critical
 9.8
9.8
2024-06-11 CVE-2023-7264 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Buildapp Build APP Online
The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.21.
network
low complexity
buildapp CWE-640
critical
 9.8
9.8
2024-04-25 CVE-2023-51478 Missing Authentication for Critical Function vulnerability in Buildapp Build APP Online
Improper Authentication vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This issue affects Build App Online: from n/a through 1.0.19.
network
low complexity
buildapp CWE-306
critical
 9.8
9.8