Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

8blocks

Source -

CNA

BOS Name -

N/A

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
3Vulnerabilities found
CVE-2024-13536
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.63% / 70.97%
||
7 Day CHG+0.17%
Published-21 Jan, 2025 | 04:20
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
1003 Mortgage Application <= 1.87 - Unauthenticated Full Path Disclosure

The 1003 Mortgage Application plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.87. This is due the /inc/class/fnm/export.php file being publicly accessible with error logging enabled. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.

Action-Not Available
Vendor-8blocks
Product-1003 Mortgage Application
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2025-22591
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.19% / 41.05%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 14:57
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress 1003 Mortgage Application plugin <= 1.87 - Broken Access Control vulnerability

Missing Authorization vulnerability in 8blocks 1003 Mortgage Application 1003-mortgage-application allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 1003 Mortgage Application: from n/a through <= 1.87.

Action-Not Available
Vendor-8blocks
Product-1003 Mortgage Application
CWE ID-CWE-862
Missing Authorization
CVE-2025-22592
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.32% / 55.31%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 14:57
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress 1003 Mortgage Application plugin <= 1.87 - Broken Access Control vulnerability

Missing Authorization vulnerability in 8blocks 1003 Mortgage Application 1003-mortgage-application allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects 1003 Mortgage Application: from n/a through <= 1.87.

Action-Not Available
Vendor-8blocks
Product-1003 Mortgage Application
CWE ID-CWE-862
Missing Authorization