CVE-2024-9302

HIGH

App Builder < 5.3.7 - Unauthenticated Account Takeover via OTP Brute Force

Title source: llm

Description

The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.3.7. This is due to the verify_otp_forgot_password() and update_password() functions not having enough controls to prevent a successful brute force attack of the OTP to change a password, or verify that a password reset request came from an authorized user. This makes it possible for unauthenticated attackers to generate and brute force an OTP that makes it possible to change any users passwords, including an administrator.

References (4)

Core 4

Core References

Product

https://plugins.trac.wordpress.org/browser/app-builder/tags/5.3.1/includes/Di/Service/Auth/ForgotPassword.php#L196

Product

https://plugins.trac.wordpress.org/browser/app-builder/tags/5.3.1/includes/Di/Service/Auth/ForgotPassword.php#L247

Patch

https://plugins.trac.wordpress.org/changeset/3161215/

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/0eb9d676-4fa0-4bdc-af44-5d7e1dd8c6e6?source=cve

Scores

CVSS v3 8.1

EPSS 0.0059

EPSS Percentile 43.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-640

Status published

Products (2)

appcheap/App Builder – Create Native Android & iOS Apps On The Flight < 5.3.7

appcheap/app_builder < 5.3.7

Published Oct 25, 2024

Tracked Since Feb 18, 2026