Lucene search
K

335 matches found

Nuclei
Nuclei
added yesterday35 views

MStore API <= 3.9.1 - Authentication Bypass

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. This is due to insufficient verification on the user being supplied during the cart sync from mobile REST API request through the plugin. This makes it possible for unauthenticated...

9.8CVSS7AI score0.03805EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday69 views

MStore API < 3.9.8 - SQL Injection

The MStore API WordPress plugin before 3.9.8 is vulnerable to Blind SQL injection via the productid parameter. id: CVE-2023-3077 info: name: MStore API 3.9.8 - SQL Injection author: DhiyaneshDK severity: critical description: | The MStore API WordPress plugin before 3.9.8 is vulnerable to Blind S...

9.8CVSS7.1AI score0.05505EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday11 views

MStore API <= 4.10.7 - Unauthorized Account Access and Privilege Escalation

The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user's...

9.8CVSS7AI score0.02888EPSS
Exploits0References4
NVD
NVD
added 2 days ago4 views

CVE-2026-57375

Missing Authorization vulnerability in FluxBuilder MStore API mstore-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MStore API: from n/a through = 4.18.4...

6.5CVSS0.00194EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-57375 WordPress MStore API plugin <= 4.18.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in FluxBuilder MStore API mstore-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MStore API: from n/a through = 4.18.4...

6.5CVSS0.00194EPSS
Exploits0References1
CVE
CVE
added 2 days ago7 views

CVE-2026-57375

CVE-2026-57375 describes a missing authorization weakness in the WordPress MStore API (plugin/mstore-api) up to version

6.5CVSS6.1AI score0.00194EPSS
Exploits0References1
Nuclei
Nuclei
added 2 days ago121 views

MStore API <= 3.9.2 - Authentication Bypass

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers ...

9.8CVSS7AI score0.67511EPSS
Exploits3References5
Patchstack
Patchstack
added 2026/07/07 9:13 a.m.6 views

WordPress MStore API plugin <= 4.18.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by HaiND in WordPress Plugin MStore API versions = 4.18.4...

6.5CVSS5.9AI score0.00194EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/17 2:17 p.m.12 views

CVE-2026-54817

Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API allows Password Recovery Exploitation. This issue affects MStore API: from n/a through 4.18.4...

6.5CVSS0.00261EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 1:36 p.m.33 views

CVE-2026-54817 WordPress MStore API plugin <= 4.18.4 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API allows Password Recovery Exploitation. This issue affects MStore API: from n/a through 4.18.4...

6.5CVSS0.00261EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 1:36 p.m.13 views

EUVD-2026-37706

Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API allows Password Recovery Exploitation. This issue affects MStore API: from n/a through 4.18.4...

6.5CVSS5.2AI score0.00261EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/11 8:25 p.m.9 views

CVE-2021-47933

WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API endpoint. Attackers can upload PHP files with arbitrary names to the configfile endpoint to achieve remote code...

9.8CVSS6.5AI score0.00587EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/10 3:31 p.m.22 views

EUVD-2021-34795

WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API endpoint. Attackers can upload PHP files with arbitrary names to the configfile endpoint to achieve remote code...

9.8CVSS6.5AI score0.00587EPSS
Exploits0References4
NVD
NVD
added 2026/05/10 1:16 p.m.17 views

CVE-2021-47933

WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API endpoint. Attackers can upload PHP files with arbitrary names to the configfile endpoint to achieve remote code...

9.8CVSS0.00587EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/10 12:43 p.m.10 views

CVE-2021-47933

WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API endpoint. Attackers can upload PHP files with arbitrary names to the configfile endpoint to achieve remote code...

9.8CVSS6.5AI score0.00587EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/10 12:43 p.m.18 views

CVE-2021-47933

CVE-2021-47933 affects WordPress MStore API 2.0.6, where an arbitrary file upload vulnerability exists. An unauthenticated attacker can send POST requests to the REST API endpoint and upload PHP files with arbitrary names to the config_file endpoint, enabling remote code execution on the server. ...

9.8CVSS6.5AI score0.00587EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/10 12:43 p.m.38 views

CVE-2021-47933 WordPress MStore API 2.0.6 Arbitrary File Upload

WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API endpoint. Attackers can upload PHP files with arbitrary names to the configfile endpoint to achieve remote code...

9.8CVSS0.00587EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/10 12:43 p.m.16 views

CVE-2021-47933 WordPress MStore API 2.0.6 Arbitrary File Upload

WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API endpoint. Attackers can upload PHP files with arbitrary names to the configfile endpoint to achieve remote code...

9.8CVSS6.5AI score0.00587EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/10 12:0 a.m.14 views

PT-2026-39509

WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API endpoint. Attackers can upload PHP files with arbitrary names to the config file endpoint to achieve remote code...

9.8CVSS6.5AI score0.00587EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.12 views

WordPress plugin MStore API 访问控制错误漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

9.8CVSS6.3AI score0.00587EPSS
Exploits0References1
Rows per page
Query Builder