Knowband Mobile App Builder for wooCommerce < 3.0.0

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Description

The Knowband Mobile App Builder WordPress plugin before 3.0.0 does not have authorisation when deleting users via its REST API, allowing unauthenticated attackers to delete arbitrary users.

Basic Information

ID CVE-2025-13029

Source WPScan

Published Dec 31, 2025 at 06:00

Modified Jan 2, 2026 at 14:37

Affected Product

Vendor Unknown

Product Knowband Mobile App Builder

Affected Versions Unknown Knowband Mobile App Builder 0

CWE Classification

References

wpscan.com /vulnerability/22344534-cd36-4817-b683-c0af55759e01/

{
    "lastseen": "",
    "description": "The Knowband Mobile App Builder WordPress plugin before 3.0.0 does not have authorisation when deleting users via its REST API, allowing unauthenticated attackers to delete arbitrary users.",
    "published": "2025-12-31T06:00:03.241Z",
    "modified": "2026-01-02T14:37:20.664Z",
    "type": "cve",
    "title": "Knowband Mobile App Builder for wooCommerce < 3.0.0 \u2013 Unauthenticated Arbitrary User Deletion",
    "source": "WPScan",
    "references": "https://wpscan.com/vulnerability/22344534-cd36-4817-b683-c0af55759e01/",
    "id": "CVE-2025-13029",
    "bulletinFamily": "",
    "cwe": [
        ""
    ],
    "cvelist": null,
    "sourceData": "Unknown Knowband Mobile App Builder 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Knowband Mobile App Builder",
    "version": "0",
    "vendor": "Unknown",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Knowband Mobile App Builder for wooCommerce < 3.0.0 – Unauthenticated Arbitrary User Deletion_CVE-2025-13029