Apppresser
Sign in to watchby Apppresser
CVEs (5)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-4611 | Hig | 0.53 | 8.1 | 0.02 | May 29, 2024 | The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they previously used the login via the plugin API. This can only be exploited if the 'openssl' php extension is not loaded on the server. | |
| CVE-2023-4214 | Hig | 0.53 | 8.1 | 0.00 | Nov 18, 2023 | The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit. | |
| CVE-2024-32776 | Med | 0.42 | 6.5 | 0.00 | May 14, 2024 | Missing Authorization vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through 4.3.0. | |
| CVE-2024-31374 | Med | 0.28 | 4.3 | 0.00 | Apr 15, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in Scott Bolinger AppPresser apppresser allows Cross Site Request Forgery.This issue affects AppPresser: from n/a through <= 4.3.0. | |
| CVE-2024-31268 | Med | 0.28 | 4.3 | 0.00 | Apr 12, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through 4.3.0. |