Vulnerabilities and security researches forapptivo-business-site apptivo-business-site

Jun 07, 2024

CVE, Research URL: CVE-2022-44582
Home page URL: Security reports for Apptivo Business Site CRM
Application: Apptivo Business Site CRM
Date: Apr 23, 2023
Research Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Apptivo Apptivo Business Site CRM plugin <= 3.0.12 versions.
Affected versions: Min -, max -.
Status: vulnerable

Feb 20, 2025

CVE, Research URL: CVE-2024-13405
Home page URL: Security reports for Apptivo Business Site CRM
Application: Apptivo Business Site CRM
Date: Feb 19, 2025
Research Description: The Apptivo Business Site CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.3. This is due to missing or incorrect nonce validation on the 'awp_ip_deny' page. This makes it possible for unauthenticated attackers to block IP addresses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

Apr 05, 2025

CVE, Research URL: CVE-2025-31909
Home page URL: Security reports for Apptivo Business Site CRM
Application: Apptivo Business Site CRM
Date: Apr 03, 2025
Research Description: Missing Authorization vulnerability in NotFound Apptivo Business Site CRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Apptivo Business Site CRM: from n/a through 5.3.
Affected versions: Min -, max -.
Status: vulnerable