CVE-2026-2375
App Builder – Create Native Android & iOS Apps On The Flight <= 5.5.10 - Unauthenticated Privilege Escalation via 'role' Parameter
The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 5.5.10. This is due to the `verify_role()` function in `AuthTrails.php` explicitly whitelisting the `wcfm_vendor` role alongside `subscriber` and `customer`, and assigning it directly via `wp_insert_user()` without integrating with WCFM Marketplace's vendor approval workflow. This makes it possible for unauthenticated attackers to register an account with the `wcfm_vendor` role by supplying the `role` parameter in the `/wp-json/app-builder/v1/register` REST API endpoint, bypassing the standard WCFM vendor approval process and immediately gaining vendor-level privileges (product management, order access, store management) on sites where WCFM Marketplace is active.
| CWE | CWE-269 |
| Vendor | appcheap |
| Product | app builder – create native android & ios apps on the flight |
| Published | Mar 21, 2026 |
| Last Updated | Apr 8, 2026 |
Get instant alerts for appcheap app builder – create native android & ios apps on the flight
Be the first to know when new medium vulnerabilities affecting appcheap app builder – create native android & ios apps on the flight are published — delivered to Slack, Telegram or Discord.
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N