331 matches found
CVE-2026-3568 MStore API <= 4.18.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Meta Update
The MStore API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.18.3. This is due to the updateuserprofile function in controllers/flutter-user.php processing the 'metadata' JSON parameter without any allowlist, blocklist, or validatio...
CVE-2026-3568 MStore API <= 4.18.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Meta Update
The MStore API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.18.3. This is due to the updateuserprofile function in controllers/flutter-user.php processing the 'metadata' JSON parameter without any allowlist, blocklist, or validatio...
CVE-2026-3568
CVE-2026-3568 affects the WordPress MStore API plugin up to version 4.18.3. The root cause is in update_user_profile() processing the raw JSON field 'meta_data' without validation, allowlisting, or sanitization, and then applying arbitrary keys/values to update_user_meta() after cookie-based auth...
WordPress plugin MStore API 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
WordPress MStore API <= 4.0.1 - Unauthenticated SQL Injection
MStore API plugin for WordPress up to version 4.0.1 contains an unauthenticated blind SQL injection caused by insufficient escaping of 'id' parameter in SQL queries, letting attackers execute arbitrary SQL commands without authentication, exploit requires sending crafted requests with malicious...
CVE-2023-45055
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in InspireUI MStore API allows SQL Injection.This issue affects MStore API: from n/a through 4.0.6...
CVE-2023-50878
Cross-Site Request Forgery CSRF vulnerability in InspireUI MStore API.This issue affects MStore API: from n/a through 4.10.1...
WordPress Mstore Mobile Multivendor plugin <= 9.0.1 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Mstore Mobile App versions = 9.0.1...
WordPress Mstore Mobile App plugin <= 2.08 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Mstore Mobile App versions = 2.08...
EUVD-2020-24155
Malware in sbrugna...
EUVD-2021-11062
Malware in sbrugna...
EUVD-2023-43816
Malicious code in bioql PyPI...
EUVD-2023-43887
Malicious code in bioql PyPI...
EUVD-2023-43952
Malicious code in bioql PyPI...
EUVD-2024-49056
Malicious code in bioql PyPI...
EUVD-2023-43877
Malicious code in bioql PyPI...
EUVD-2024-50553
Malicious code in bioql PyPI...
EUVD-2023-34195
Malicious code in bioql PyPI...
EUVD-2023-43879
Malicious code in bioql PyPI...
EUVD-2023-43878
Malicious code in bioql PyPI...