cleantalk
Vulnerabilities and Security Researches

App Builder – Create Native Android & iOS Apps On The Flight, CVE-2026-2375

CVE, Research URL

CVE-2026-2375

Home page URL

Security reports for App Builder – Create Native Android & iOS Apps On The Flight

Application

App Builder – Create Native Android & iOS Apps On The Flight

Published on
Mar 21, 2026
Research Description
The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 5.5.10. This is due to the `verify_role()` function in `AuthTrails.php` explicitly whitelisting the `wcfm_vendor` role alongside `subscriber` and `customer`, and assigning it directly via `wp_insert_user()` without integrating with WCFM Marketplace's vendor approval workflow. This makes it possible for unauthenticated attackers to register an account with the `wcfm_vendor` role by supplying the `role` parameter in the `/wp-json/app-builder/v1/register` REST API endpoint, bypassing the standard WCFM vendor approval process and immediately gaining vendor-level privileges (product management, order access, store management) on sites where WCFM Marketplace is active.
Affected versions
max 5.5.10.
Status
vulnerable
Previous vulnerability researches
VikAppointments Services Booking Calendar (CVE-2025-22719) , Jan 19, 2025
New vulnerability
Conditional Menus (CVE-2026-1032) , Apr 14, 2026
POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications (CVE-2026-2559) , Apr 14, 2026
POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications (CVE-2026-3090) , Apr 14, 2026
App Builder – Create Native Android & iOS Apps On The Flight (CVE-2026-2375) , Apr 14, 2026
Doofinder WP & WooCommerce Search (CVE-2026-39542) , Apr 14, 2026