cleantalk
Vulnerabilities and Security Researches

AppPresser – Mobile App Framework, CVE-2024-4611

CVE, Research URL

CVE-2024-4611

Home page URL

Security reports for AppPresser – Mobile App Framework

Application

AppPresser – Mobile App Framework

Published on
May 29, 2024
Research Description
The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they previously used the login via the plugin API. This can only be exploited if the 'openssl' php extension is not loaded on the server.
Affected versions
max 4.4.0.
Status
vulnerable
Previous vulnerability researches
AppPresser – Mobile App Framework (CVE-2024-11024) , Nov 27, 2024
AppPresser – Mobile App Framework (CVE-2025-1561) , Mar 14, 2025
AppPresser – Mobile App Framework (CVE-2024-4611) , Jun 07, 2024
AppPresser – Mobile App Framework (CVE-2023-4214) , Jun 07, 2024
AppPresser – Mobile App Framework (CVE-2024-31268) , Jun 07, 2024
New vulnerability
Page & Post Notes (CVE-2025-12527) , Nov 11, 2025
Opal Service (CVE-2025-62913) , Nov 11, 2025
Simple User Registration (CVE-2025-53428) , Nov 11, 2025
Booster for WooCommerce (CVE-2025-64196) , Nov 11, 2025
Community Events (CVE-2025-10587) , Nov 11, 2025