High severity8.1NVD Advisory· Published Jun 11, 2024· Updated Apr 8, 2026

CVE-2023-7264

Description

The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.22. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing an 4-digit numeric reset code.

Affected products

Buildapp/Build App Online
cpe:2.3:a:buildapp:build_app_online:*:*:*:*:*:wordpress:*:*
Range: <=1.0.21

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.wordfence.com/threat-intel/vulnerabilities/id/f6047ae6-b1b4-4b31-aa12-560927e1040bnvdThird Party Advisory
plugins.trac.wordpress.org/browser/build-app-online/tags/1.0.21/public/class-build-app-online-public.phpnvdProduct
plugins.trac.wordpress.org/browser/build-app-online/tags/1.0.21/public/class-build-app-online-public.phpnvdProduct
plugins.trac.wordpress.org/changesetnvd

News mentions

No linked articles in our index yet.

cvss	0.526
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000