cleantalk
Vulnerabilities and Security Researches

Wordapp, CVE-2023-2987

CVE, Research URL

CVE-2023-2987

Home page URL

Security reports for Wordapp

Application

Wordapp

Published on
May 31, 2023
Research Description
The Wordapp plugin for WordPress is vulnerable to authorization bypass due to an use of insufficiently unique cryptographic signature on the 'wa_pdx_op_config_set' function in versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to the plugin to change the 'validation_token' in the plugin config, providing access to the plugin's remote control functionalities, such as creating an admin access URL, which can be used for privilege escalation.
Affected versions
Min -, max 1.7.0.
Status
vulnerable
Previous vulnerability researches
Wordapp (CVE-2025-30927) , Jun 15, 2025
Wordapp (CVE-2023-2987) , Jun 10, 2024
New vulnerability
DIOT SCADA with MQTT (CVE-2025-4216) , Jun 16, 2025
Simple Newsletter Plugin – Noptin (CVE-2025-49871) , Jun 16, 2025
Job Board Manager (CVE-2025-49324) , Jun 16, 2025
Bitly URL Shortener (CVE-2025-30629) , Jun 16, 2025
ACF Onyx Poll (CVE-2025-5841) , Jun 16, 2025