Refine your search

2 vulnerabilities found for Knowband Mobile App Builder by Unknown

CVE-2025-13029 (GCVE-0-2025-13029)
Vulnerability from nvd
Published
2025-12-31 06:00
Modified
2025-12-31 06:00
Severity ?
CWE
Summary
The Knowband Mobile App Builder WordPress plugin before 3.0.0 does not have authorisation when deleting users via its REST API, allowing unauthenticated attackers to delete arbitrary users.
References
Impacted products
Vendor Product Version
Unknown Knowband Mobile App Builder Version: 0   
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Knowband Mobile App Builder",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Khaled Alenazi (Nxploited)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "WPScan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Knowband Mobile App Builder WordPress plugin before 3.0.0 does not have authorisation when deleting users via its REST API, allowing unauthenticated attackers to delete arbitrary users."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-31T06:00:03.241Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "exploit",
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://wpscan.com/vulnerability/22344534-cd36-4817-b683-c0af55759e01/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Knowband Mobile App Builder for wooCommerce \u003c 3.0.0 \u2013 Unauthenticated Arbitrary User Deletion",
      "x_generator": {
        "engine": "WPScan CVE Generator"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2025-13029",
    "datePublished": "2025-12-31T06:00:03.241Z",
    "dateReserved": "2025-11-11T15:13:42.244Z",
    "dateUpdated": "2025-12-31T06:00:03.241Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-13029 (GCVE-0-2025-13029)
Vulnerability from cvelistv5
Published
2025-12-31 06:00
Modified
2025-12-31 06:00
Severity ?
CWE
Summary
The Knowband Mobile App Builder WordPress plugin before 3.0.0 does not have authorisation when deleting users via its REST API, allowing unauthenticated attackers to delete arbitrary users.
References
Impacted products
Vendor Product Version
Unknown Knowband Mobile App Builder Version: 0   
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Knowband Mobile App Builder",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Khaled Alenazi (Nxploited)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "WPScan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Knowband Mobile App Builder WordPress plugin before 3.0.0 does not have authorisation when deleting users via its REST API, allowing unauthenticated attackers to delete arbitrary users."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-31T06:00:03.241Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "exploit",
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://wpscan.com/vulnerability/22344534-cd36-4817-b683-c0af55759e01/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Knowband Mobile App Builder for wooCommerce \u003c 3.0.0 \u2013 Unauthenticated Arbitrary User Deletion",
      "x_generator": {
        "engine": "WPScan CVE Generator"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2025-13029",
    "datePublished": "2025-12-31T06:00:03.241Z",
    "dateReserved": "2025-11-11T15:13:42.244Z",
    "dateUpdated": "2025-12-31T06:00:03.241Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}