Vulnerabilities and security researches forwordapp wordapp

Jun 10, 2024

CVE, Research URL: CVE-2023-2987
Home page URL: Security reports for Wordapp
Application: Wordapp
Date: May 31, 2023
Research Description: The Wordapp plugin for WordPress is vulnerable to authorization bypass due to an use of insufficiently unique cryptographic signature on the 'wa_pdx_op_config_set' function in versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to the plugin to change the 'validation_token' in the plugin config, providing access to the plugin's remote control functionalities, such as creating an admin access URL, which can be used for privilege escalation.
Affected versions: Min -, max -.
Status: vulnerable

Jun 15, 2025

CVE, Research URL: CVE-2025-30927
Home page URL: Security reports for Wordapp
Application: Wordapp
Date: Jun 06, 2025
Research Description: Missing Authorization vulnerability in Wordapp Team Wordapp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wordapp: from n/a through 1.7.0.
Affected versions: Min -, max -.
Status: vulnerable