exploitDog

GHSA-4xqm-hx6r-2gp8

Опубликовано: 31 дек. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 7.5

Описание

The Knowband Mobile App Builder WordPress plugin before 3.0.0 does not have authorisation when deleting users via its REST API, allowing unauthenticated attackers to delete arbitrary users.

The Knowband Mobile App Builder WordPress plugin before 3.0.0 does not have authorisation when deleting users via its REST API, allowing unauthenticated attackers to delete arbitrary users.

Ссылки

EPSS

Процентиль: 27%

0.00096

Низкий

7.5 High

CVSS3

CVE ID

Связанные уязвимости

CVE-2025-13029

CVSS3: 7.5

nvd

около 1 месяца назад

The Knowband Mobile App Builder WordPress plugin before 3.0.0 does not have authorisation when deleting users via its REST API, allowing unauthenticated attackers to delete arbitrary users.

EPSS

Процентиль: 27%

0.00096

Низкий

7.5 High

CVSS3

CVE ID