CVE-2025-11127

🗓️ 21 Nov 2025 13:41:07Reported by WPScanType

Unauthenticated privilege escalation in Mstoreapp Mobile and Multivendor via asynchronous requests exposes sessions by email.

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2025-11127	21 Nov 202515:50	–	circl
CNNVD	WordPress plugin Mstoreapp Mobile App和Mstoreapp Mobile Multivendor 安全漏洞	21 Nov 202500:00	–	cnnvd
Cvelist	CVE-2025-11127 Mstoreapp Mobile (App <= 2.08, Multivendor <= 9.0.1) - Unauthenticated Privilege Escalation	21 Nov 202513:41	–	cvelist
EUVD	EUVD-2025-198490	21 Nov 202515:31	–	euvd
NVD	CVE-2025-11127	21 Nov 202514:15	–	nvd
Patchstack	WordPress Mstore Mobile Multivendor plugin <= 9.0.1 - Unauthenticated Privilege Escalation vulnerability	24 Nov 202506:51	–	patchstack
Patchstack	WordPress Mstore Mobile App plugin <= 2.08 - Unauthenticated Privilege Escalation vulnerability	24 Nov 202506:51	–	patchstack
Positive Technologies	PT-2025-47778	21 Nov 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-11127	22 Nov 202514:26	–	redhatcve
Vulnrichment	CVE-2025-11127 Mstoreapp Mobile (App <= 2.08, Multivendor <= 9.0.1) - Unauthenticated Privilege Escalation	21 Nov 202513:41	–	vulnrichment

Vulners

Node

mstoreapp_mobile_appRange≤2.0.8wordpress

mstoreapp_mobile_multivendorRange≤9.0.1wordpress

[
  {
    "vendor": "Unknown",
    "product": "Mstoreapp Mobile App",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "2.0.8"
      }
    ],
    "defaultStatus": "affected",
    "collectionURL": "https://wordpress.org/plugins"
  },
  {
    "vendor": "Unknown",
    "product": "Mstoreapp Mobile Multivendor",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "9.0.1"
      }
    ],
    "defaultStatus": "affected"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/6432bd1a-6e44-4a3f-890b-df2bd877d626/

15 Apr 2026 00:35Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.19.8

EPSS0.0021

SSVC