331 matches found
WordPress plugin MStore API 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...
PT-2024-17416 · WordPress · Mstore Api
Name of the Vulnerable Software and Affected Versions: MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress versions up to, and including, 4.16.4 Description: The issue is related to Stored Cross-Site Scripting via the profile picture upload functionality due to...
WordPress MStore API plugin <= 4.16.4 - Authenticated (Subscriber+) HTML File Upload (Stored Cross-Site Scripting) vulnerability
Authenticated Subscriber+ HTML File Upload Stored Cross-Site Scripting vulnerability discovered by shaman0x01 in WordPress Plugin MStore API versions = 4.16.4...
CVE-2024-11179
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to SQL Injection via the 'statustype' parameter in all versions up to, and including, 4.15.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2024-11179
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to SQL Injection via the 'statustype' parameter in all versions up to, and including, 4.15.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2024-11179 MStore API <= 4.15.7 - Authenticated (Subscriber+) SQL Injection
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to SQL Injection via the 'statustype' parameter in all versions up to, and including, 4.15.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2024-11179
CVE-2024-11179 concerns the WordPress plugin MStore API – Create Native Android & iOS Apps On The Cloud . Public sources confirm an SQL Injection vulnerability via the vulnerable parameter status_type in all versions up to and including 4.15.7, caused by insufficient escaping and improper query p...
CVE-2024-11179 MStore API <= 4.15.7 - Authenticated (Subscriber+) SQL Injection
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to SQL Injection via the 'statustype' parameter in all versions up to, and including, 4.15.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
WordPress plugin MStore API 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-16802 · WordPress · Mstore Api
Name of the Vulnerable Software and Affected Versions: MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress versions up to, and including, 4.15.7 Description: The issue is related to SQL Injection via the status type parameter due to insufficient escaping on the...
WordPress MStore API plugin <= 4.15.7 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated Subscriber+ SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin MStore API versions = 4.15.7...
WordPress MStore API Plugin <= 4.15.7 is vulnerable to SQL Injection
Software MStore API Type Plugin Vulnerable versions = 4.15.7 Fixed in 4.15.8 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-11179 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 1c06ba6b6a95 Credits Trương Hữu Phúc truonghuuphuc Required privilege...
CVE-2024-8269
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 4.15.3. This is due to the plugin not checking that user registration is enabled prior to creating a user account through the...
CVE-2024-8269
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 4.15.3. This is due to the plugin not checking that user registration is enabled prior to creating a user account through the...
CVE-2024-8242
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the updateuserprofile function in all versions up to, and including, 4.15.3. This makes it possible for authenticated attackers, with...
CVE-2024-8242
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the updateuserprofile function in all versions up to, and including, 4.15.3. This makes it possible for authenticated attackers, with...
CVE-2024-8242
CVE-2024-8242 : The WordPress MStore API plugin (
CVE-2024-8242 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.3 - Authenticated (Subscriber+) Limited Arbitrary File Upload
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the updateuserprofile function in all versions up to, and including, 4.15.3. This makes it possible for authenticated attackers, with...
CVE-2024-8269 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.3 - Unauthorized User Registration
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 4.15.3. This is due to the plugin not checking that user registration is enabled prior to creating a user account through the...
CVE-2024-8269 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.3 - Unauthorized User Registration
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 4.15.3. This is due to the plugin not checking that user registration is enabled prior to creating a user account through the...