Unlicensed Vulnerable CMS Software in Wappress Mobile App Builder Plugin
CVE-2017-1002001

9.8CRITICAL

Key Information:

Vendor: Wordpress
Status: Mobile-app-builder-by-wappress
Vendor: CVE Published:; 14 September 2017

What is CVE-2017-1002001?

A security flaw exists in the Wappress Mobile App Builder plugin version 1.05, which incorporates unlicensed and potentially vulnerable CMS software from a third-party source. This situation may expose users to various security risks, allowing unauthorized access and exploitation. It is crucial for users of this plugin to assess their installation and consider upgrading to secure and compliant alternatives.

Affected Version(s)

mobile-app-builder-by-wappress < 1.05

References

https://wordpress.org/plugins-wp/mobile-app-builder-by-wa...

x_refsource_MISC

https://www.exploit-db.com/exploits/41540/

exploitx_refsource_EXPLOIT-DB

http://www.vapidlabs.com/advisory.php?v=180

x_refsource_MISC

EPSS Score

44% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 14, 2017
Vulnerability Reserved
Sep 14, 2017

Wordpress

What is CVE-2017-1002001?

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline