CVE-2025-13029

CVE-2025-13029: Knowband Mobile App Builder for wooCommerce < 3.0.0 – Unauthenticated Arbitrary User Deletion

Vendor Unknown
Product Knowband Mobile App Builder
Published December 31, 2025
Last update January 2, 2026

CVSS base score

What the vulnerability does

01Description

The Knowband Mobile App Builder WordPress plugin before 3.0.0 does not have authorisation when deleting users via its REST API, allowing unauthenticated attackers to delete arbitrary users.

Key dates

02Disclosure timeline

December 31, 2025 CVE published
January 2, 2026 Record updated