PT-2024-16713 · WordPress · Apppresser

Khayal Farzaliyev +1

Published 2024-11-26 · Updated 2024-11-26 · CVE-2024-11024

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: AppPresser – Mobile App Framework plugin for WordPress, versions up to and including 4.4.6.
Description: Privilege escalation via account takeover. The plugin does not properly validate the user's password reset code before updating the password, so the reset request is effectively accepted on the strength of the email address alone. An unauthenticated attacker who knows a user's email address can therefore set a new password for that user and log in as them; if the targeted account is an administrator, this amounts to full control of the site, which is why the vector is PR:N/UI:N with high impact on confidentiality, integrity and availability.
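The failure described above, as an added illustrative model that is not the plugin's code (AppPresser is a PHP plugin and its real handler is not reproduced on this page). The Python below models a reset endpoint that looks the user up by e-mail and replaces the password without ever comparing the submitted reset code, beside a hardened handler that requires an outstanding, unexpired code, compares it in constant time and burns it after one use. Every name here (UserStore, run_scenarios, the sample account and passwords) is an assumption of this example, and the page does not say which specific check the plugin omitted.

```python
"""Constructed model of a password-reset endpoint: a handler that trusts the
caller's e-mail and skips the reset-code check, beside a hardened handler.
Illustrative example only; not AppPresser's code."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional


def hash_secret(value: str) -> str:
    # Demo-only hashing. A real site stores passwords with bcrypt or Argon2.
    return hashlib.sha256(value.encode()).hexdigest()


@dataclass
class User:
    email: str
    password_hash: str
    reset_code_hash: Optional[str] = None  # only the hash of the code is stored
    reset_expires: float = 0.0             # unix time after which the code is void


class UserStore:
    def __init__(self) -> None:
        self.users: Dict[str, User] = {}

    def add(self, email: str, password: str) -> None:
        self.users[email] = User(email, hash_secret(password))

    def check_login(self, email: str, password: str) -> bool:
        user = self.users.get(email)
        return user is not None and hmac.compare_digest(
            user.password_hash, hash_secret(password))

    def issue_reset_code(self, email: str, ttl: int = 900,
                         now: Optional[float] = None) -> Optional[str]:
        """Step 1: mint a random code, store its hash and expiry, and return the
        plaintext code (in a real system it is e-mailed to the account owner)."""
        user = self.users.get(email)
        if user is None:
            return None
        code = secrets.token_urlsafe(32)
        user.reset_code_hash = hash_secret(code)
        user.reset_expires = (time.time() if now is None else now) + ttl
        return code

    def vulnerable_reset(self, email: str, submitted_code: str,
                         new_password: str) -> bool:
        """Step 2, broken: the user is found by e-mail and the password is
        replaced without comparing submitted_code to the stored code, so
        anyone who knows the address can take the account."""
        user = self.users.get(email)
        if user is None:
            return False
        user.password_hash = hash_secret(new_password)  # BUG: no code check
        return True

    def hardened_reset(self, email: str, submitted_code: str,
                       new_password: str, now: Optional[float] = None) -> bool:
        """Step 2, fixed: require an outstanding, unexpired code, compare it in
        constant time, and invalidate it so it cannot be replayed."""
        user = self.users.get(email)
        if user is None or user.reset_code_hash is None:
            return False
        now = time.time() if now is None else now
        if now > user.reset_expires:
            user.reset_code_hash = None
            return False
        if not hmac.compare_digest(user.reset_code_hash, hash_secret(submitted_code)):
            return False
        user.reset_code_hash = None  # single use
        user.password_hash = hash_secret(new_password)
        return True


def run_scenarios() -> Dict[str, bool]:
    """Attacker knows only the victim's e-mail. Every entry should be True."""
    r: Dict[str, bool] = {}
    victim = "victim@example.com"

    store = UserStore()
    store.add(victim, "correct horse")
    r["vuln_bogus_code_accepted"] = store.vulnerable_reset(victim, "made-up", "attacker-pw")
    r["vuln_attacker_can_login"] = store.check_login(victim, "attacker-pw")

    store = UserStore()
    store.add(victim, "correct horse")
    t0 = 1_700_000_000.0  # fixed clock so expiry is deterministic
    r["hard_no_code_outstanding"] = not store.hardened_reset(victim, "made-up", "attacker-pw", now=t0)
    r["hard_original_pw_intact"] = store.check_login(victim, "correct horse")
    code = store.issue_reset_code(victim, now=t0)
    r["hard_wrong_code_rejected"] = not store.hardened_reset(victim, "guess", "attacker-pw", now=t0)
    r["hard_valid_code_accepted"] = store.hardened_reset(victim, code, "new legit pw", now=t0 + 60)
    r["hard_code_single_use"] = not store.hardened_reset(victim, code, "attacker-pw", now=t0 + 61)
    code = store.issue_reset_code(victim, now=t0)
    r["hard_expired_code_rejected"] = not store.hardened_reset(victim, code, "attacker-pw", now=t0 + 901)
    return r


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name}: {'OK' if ok else 'FAIL'}")
```

The hardened handler carries the four properties a reset-code check needs: the code must exist for that account, it must not have expired, it is compared with hmac.compare_digest rather than a plain equality (so a wrong guess takes the same time as a near miss), and it is cleared before the password is written so the same link cannot be replayed. Storing only the hash of the code means a database read does not hand out usable reset links.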
Recommendations: Sites running version 4.4.6 or earlier should update to the latest release of the plugin in which the password reset validation is fixed. Until the update is applied, restrict access to the plugin's password reset functionality (for example by blocking it at the web server or WAF, or by deactivating the plugin), since the only prerequisite for exploitation is knowledge of a user's email address. After patching, review password-change and reset activity for the exposed period; an unexplained password change on an affected site should be treated as a possible account takeover, with the account's credentials and sessions rotated.

Related Identifiers: CVE-2024-11024

Affected Products: Apppresser