Search criteria
2 vulnerabilities found for Knowband Mobile App Builder by Unknown
CVE-2025-13029 (GCVE-0-2025-13029)
Vulnerability from nvd – Published: 2025-12-31 06:00 – Updated: 2025-12-31 06:00
VLAI?
Title
Knowband Mobile App Builder for wooCommerce < 3.0.0 – Unauthenticated Arbitrary User Deletion
Summary
The Knowband Mobile App Builder WordPress plugin before 3.0.0 does not have authorisation when deleting users via its REST API, allowing unauthenticated attackers to delete arbitrary users.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Knowband Mobile App Builder |
Affected:
0 , < 3.0.0
(semver)
|
Credits
Khaled Alenazi (Nxploited)
WPScan
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Knowband Mobile App Builder",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Khaled Alenazi (Nxploited)"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Knowband Mobile App Builder WordPress plugin before 3.0.0 does not have authorisation when deleting users via its REST API, allowing unauthenticated attackers to delete arbitrary users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-31T06:00:03.241Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/22344534-cd36-4817-b683-c0af55759e01/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Knowband Mobile App Builder for wooCommerce \u003c 3.0.0 \u2013 Unauthenticated Arbitrary User Deletion",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2025-13029",
"datePublished": "2025-12-31T06:00:03.241Z",
"dateReserved": "2025-11-11T15:13:42.244Z",
"dateUpdated": "2025-12-31T06:00:03.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13029 (GCVE-0-2025-13029)
Vulnerability from cvelistv5 – Published: 2025-12-31 06:00 – Updated: 2025-12-31 06:00
VLAI?
Title
Knowband Mobile App Builder for wooCommerce < 3.0.0 – Unauthenticated Arbitrary User Deletion
Summary
The Knowband Mobile App Builder WordPress plugin before 3.0.0 does not have authorisation when deleting users via its REST API, allowing unauthenticated attackers to delete arbitrary users.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Knowband Mobile App Builder |
Affected:
0 , < 3.0.0
(semver)
|
Credits
Khaled Alenazi (Nxploited)
WPScan
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Knowband Mobile App Builder",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Khaled Alenazi (Nxploited)"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Knowband Mobile App Builder WordPress plugin before 3.0.0 does not have authorisation when deleting users via its REST API, allowing unauthenticated attackers to delete arbitrary users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-31T06:00:03.241Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/22344534-cd36-4817-b683-c0af55759e01/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Knowband Mobile App Builder for wooCommerce \u003c 3.0.0 \u2013 Unauthenticated Arbitrary User Deletion",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2025-13029",
"datePublished": "2025-12-31T06:00:03.241Z",
"dateReserved": "2025-11-11T15:13:42.244Z",
"dateUpdated": "2025-12-31T06:00:03.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}