GCVE - cpe:2.3:a:8blocks:1003_mortgage_application:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:8blocks:1003_mortgage_application:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	8Blocks (`8fa7df57-165e-5b75-8440-a5feb6114b6b`)
Product	1003 Mortgage Application (`6a55ccad-0246-5cf5-94ef-f32f154b6e69`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-22592`	vulnerable	2026-06-03 14:59:40.434100	WordPress 1003 Mortgage Application plugin <= 1.87 - Broken Access Control vulnerability HIGH (7.5) Missing Authorization vulnerability in 8blocks 1003 Mortgage Application 1003-mortgage-application allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects 1003 Mortgage Application: from n/a through <= 1.87. Published: 2025-01-07T14:57:01.186Z Updated: 2026-04-28T16:11:02.554Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/1003-mortgage-application/vulnerability/wordpress-1003-mortgage-application-plugin-1-87-broken-access-control-vulnerability-2?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-22591`	vulnerable	2026-06-03 14:59:40.432750	WordPress 1003 Mortgage Application plugin <= 1.87 - Broken Access Control vulnerability MEDIUM (4.3) Missing Authorization vulnerability in 8blocks 1003 Mortgage Application 1003-mortgage-application allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 1003 Mortgage Application: from n/a through <= 1.87. Published: 2025-01-07T14:57:01.806Z Updated: 2026-04-28T16:11:02.333Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/1003-mortgage-application/vulnerability/wordpress-1003-mortgage-application-plugin-1-87-broken-access-control-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-13536`	vulnerable	2026-06-03 14:54:24.866134	1003 Mortgage Application <= 1.87 - Unauthenticated Full Path Disclosure MEDIUM (5.3) The 1003 Mortgage Application plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.87. This is due the /inc/class/fnm/export.php file being publicly accessible with error logging enabled. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. Published: 2025-01-21T04:20:57.518Z Updated: 2026-04-08T17:24:42.546Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/cfbc90b9-af91-49ac-ad3d-a37c17e8ba6d?source=cve https://plugins.trac.wordpress.org/browser/1003-mortgage-application/trunk/inc/class/fnm/export.php	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-45357`	vulnerable	2026-06-03 14:48:24.033807	WordPress 1003 Mortgage Application Plugin <= 1.75 is vulnerable to CSV Injection MEDIUM (6.1) Improper Neutralization of Formula Elements in a CSV File vulnerability in Lenderd 1003 Mortgage Application.This issue affects 1003 Mortgage Application: from n/a through 1.75. Published: 2023-11-07T15:45:27.784Z Updated: 2026-04-28T16:07:52.288Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/1003-mortgage-application/wordpress-1003-mortgage-application-plugin-1-73-csv-injection?_s_id=cve	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.