Lucene search
K

331 matches found

CNNVD
CNNVD
added 2024/12/13 12:0 a.m.3 views

WordPress plugin MStore API 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

5.4CVSS8.1AI score0.00317EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/12/13 12:0 a.m.5 views

PT-2024-17416 · WordPress · Mstore Api

Name of the Vulnerable Software and Affected Versions: MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress versions up to, and including, 4.16.4 Description: The issue is related to Stored Cross-Site Scripting via the profile picture upload functionality due to...

5.4CVSS6.1AI score0.00317EPSS
Exploits0References9
Patchstack
Patchstack
added 2024/12/12 9:39 p.m.6 views

WordPress MStore API plugin <= 4.16.4 - Authenticated (Subscriber+) HTML File Upload (Stored Cross-Site Scripting) vulnerability

Authenticated Subscriber+ HTML File Upload Stored Cross-Site Scripting vulnerability discovered by shaman0x01 in WordPress Plugin MStore API versions = 4.16.4...

5.4CVSS6.9AI score0.00317EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/11/20 10:15 a.m.1 views

CVE-2024-11179

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to SQL Injection via the 'statustype' parameter in all versions up to, and including, 4.15.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS7.3AI score
Exploits0References3
NVD
NVD
added 2024/11/20 10:15 a.m.16 views

CVE-2024-11179

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to SQL Injection via the 'statustype' parameter in all versions up to, and including, 4.15.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS0.0045EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/11/20 9:31 a.m.19 views

CVE-2024-11179 MStore API <= 4.15.7 - Authenticated (Subscriber+) SQL Injection

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to SQL Injection via the 'statustype' parameter in all versions up to, and including, 4.15.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS7AI score0.0045EPSS
Exploits0References3
CVE
CVE
added 2024/11/20 9:31 a.m.86 views

CVE-2024-11179

CVE-2024-11179 concerns the WordPress plugin MStore API – Create Native Android & iOS Apps On The Cloud . Public sources confirm an SQL Injection vulnerability via the vulnerable parameter status_type in all versions up to and including 4.15.7, caused by insufficient escaping and improper query p...

6.5CVSS6.2AI score0.0045EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/11/20 9:31 a.m.22 views

CVE-2024-11179 MStore API <= 4.15.7 - Authenticated (Subscriber+) SQL Injection

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to SQL Injection via the 'statustype' parameter in all versions up to, and including, 4.15.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS0.0045EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/11/20 12:0 a.m.3 views

WordPress plugin MStore API 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.5CVSS8.3AI score0.0045EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/11/20 12:0 a.m.7 views

PT-2024-16802 · WordPress · Mstore Api

Name of the Vulnerable Software and Affected Versions: MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress versions up to, and including, 4.15.7 Description: The issue is related to SQL Injection via the status type parameter due to insufficient escaping on the...

6.5CVSS9.1AI score0.0045EPSS
Exploits0References9
Patchstack
Patchstack
added 2024/11/19 10:28 p.m.4 views

WordPress MStore API plugin <= 4.15.7 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin MStore API versions = 4.15.7...

6.5CVSS8.1AI score0.0045EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/11/19 12:0 a.m.14 views

WordPress MStore API Plugin <= 4.15.7 is vulnerable to SQL Injection

Software MStore API Type Plugin Vulnerable versions = 4.15.7 Fixed in 4.15.8 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-11179 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 1c06ba6b6a95 Credits Trương Hữu Phúc truonghuuphuc Required privilege...

6.5CVSS6.8AI score0.0045EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/09/13 3:15 p.m.3 views

CVE-2024-8269

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 4.15.3. This is due to the plugin not checking that user registration is enabled prior to creating a user account through the...

6.5CVSS5.8AI score0.00382EPSS
Exploits0References4
NVD
NVD
added 2024/09/13 3:15 p.m.26 views

CVE-2024-8269

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 4.15.3. This is due to the plugin not checking that user registration is enabled prior to creating a user account through the...

7.3CVSS0.00382EPSS
Exploits0References4
OSV
OSV
added 2024/09/13 3:15 p.m.5 views

CVE-2024-8242

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the updateuserprofile function in all versions up to, and including, 4.15.3. This makes it possible for authenticated attackers, with...

8.8CVSS6.5AI score0.00785EPSS
Exploits0References4
NVD
NVD
added 2024/09/13 3:15 p.m.19 views

CVE-2024-8242

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the updateuserprofile function in all versions up to, and including, 4.15.3. This makes it possible for authenticated attackers, with...

8.8CVSS0.00785EPSS
Exploits0References4
CVE
CVE
added 2024/09/13 3:10 p.m.80 views

CVE-2024-8242

CVE-2024-8242 : The WordPress MStore API plugin (

8.8CVSS6.8AI score0.00785EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2024/09/13 3:10 p.m.25 views

CVE-2024-8242 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.3 - Authenticated (Subscriber+) Limited Arbitrary File Upload

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the updateuserprofile function in all versions up to, and including, 4.15.3. This makes it possible for authenticated attackers, with...

4.3CVSS0.00785EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/09/13 3:10 p.m.20 views

CVE-2024-8269 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.3 - Unauthorized User Registration

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 4.15.3. This is due to the plugin not checking that user registration is enabled prior to creating a user account through the...

7.3CVSS6.5AI score0.00382EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/09/13 3:10 p.m.19 views

CVE-2024-8269 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.3 - Unauthorized User Registration

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 4.15.3. This is due to the plugin not checking that user registration is enabled prior to creating a user account through the...

7.3CVSS0.00382EPSS
Exploits0References4
Rows per page
Query Builder