331 matches found
CVE-2023-2734
CVE-2023-2734 affects the MStore API plugin for WordPress (versions up to and including 3.9.1). The root cause is insufficient verification of the user during the cart sync via the plugin’s mobile REST API, enabling authentication bypass that can let unauthenticated attackers log in as any existi...
CVE-2023-2734 MStore API <= 3.9.1 - Authentication Bypass
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. This is due to insufficient verification on the user being supplied during the cart sync from mobile REST API request through the plugin. This makes it possible for unauthenticated...
WordPress MStore API Plugin <= 3.9.1 is vulnerable to Broken Authentication
Software MStore API Type Plugin Vulnerable versions = 3.9.1 Fixed in 3.9.2 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2023-2734 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 533a834d2d8a Credits Lana Codes Required privilege...
WordPress Plugin MStore API 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
VulnCheck KEV: CVE-2023-2734
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. This is due to insufficient verification on the user being supplied during the cart sync from mobile REST API request through the plugin. This makes it possible for...
WordPress Plugin MStore API 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
PT-2023-21068 · WordPress · Mstore Api
Name of the Vulnerable Software and Affected Versions: MStore API plugin for WordPress versions up to, and including, 3.9.0 Description: The issue is related to authentication bypass due to insufficient verification of the user during the coupon redemption REST API request. This allows...
PT-2023-21071 · WordPress · Mstore Api
Name of the Vulnerable Software and Affected Versions: MStore API plugin for WordPress versions up to, and including, 3.9.1 Description: The issue is related to authentication bypass due to insufficient verification of the user being supplied during the cart sync from mobile REST API request...
PT-2023-21067 · WordPress · Mstore Api
Name of the Vulnerable Software and Affected Versions: MStore API plugin for WordPress versions up to, and including, 3.9.2 Description: The issue is related to insufficient verification of the user being supplied during the "add listing" REST API request through the plugin. This allows...
WordPress MStore API Plugin <= 3.9.2 is vulnerable to Broken Authentication
Software MStore API Type Plugin Vulnerable versions = 3.9.2 Fixed in 3.9.3 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2023-2732 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 9a2f0204ce39 Credits Lana Codes Required privilege...
WordPress Plugin MStore API 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
MStore API < 3.9.3 - Authentication Bypass
The plugin does not properly verify the user provided when adding listing via its REST API, allowing unauthenticated users to login as an arbitrary user by providing their ID...
MStore API < 3.9.2 - Authentication Bypass
The plugin does not properly verify the user provided when syncing their cart via its REST API, allowing unauthenticated users to login as an arbitrary user by providing their ID...
MStore API < 3.9.1 - Authentication Bypass
The plugin does not properly verify the user provided when redemption coupons via its REST API, allowing unauthenticated users to login as an arbitrary user by providing their ID...
Wordpress MStore API 2.0.6 Plugin - Arbitrary File Upload Vulnerability
Exploit Title: Wordpress Plugin MStore API 2.0.6 - Arbitrary File Upload Google Dork: inurl:/wp-content/plugins/mstore-api/ Exploit Author: spacehen Vendor Homepage: https://wordpress.org/plugins/mstore-api/ Version: 2.0.6, possibly higher Tested on: Ubuntu 20.04.1 import os.path from os import...
WordPress MStore API 2.0.6 Shell Upload
Exploit Title: Wordpress Plugin MStore API 2.0.6 - Arbitrary File Upload Google Dork: inurl:/wp-content/plugins/mstore-api/ Date: 22/09/2021 Exploit Author: spacehen Vendor Homepage: https://wordpress.org/plugins/mstore-api/ Version: 2.0.6, possibly higher Tested on: Ubuntu 20.04.1 import os.path...
MStore API < 3.4.5 - Unauthenticated PHP File Upload
The api/flutterwoo/configfile REST endpoint of the plugin, does not have proper authorisation in place only checking if the plugin has a license, nor enough validation against the config file sent in the request. As a result, unauthenticated users could use such endpoint to upload a PHP file,...
MStore API < 3.4.5 - Unauthenticated PHP File Upload
The api/flutterwoo/configfile REST endpoint of the plugin, does not have proper authorisation in place only checking if the plugin has a license, nor enough validation against the config file sent in the request. As a result, unauthenticated users could use such endpoint to upload a PHP file,...
Wordpress Plugin MStore API 2.0.6 - Arbitrary File Upload
Exploit Title: Wordpress Plugin MStore API 2.0.6 - Arbitrary File Upload Google Dork: inurl:/wp-content/plugins/mstore-api/ Date: 22/09/2021 Exploit Author: spacehen Vendor Homepage: https://wordpress.org/plugins/mstore-api/ Version: 2.0.6, possibly higher Tested on: Ubuntu 20.04.1 import os.path...
Unspecified Vulnerability in Wordpress MStore API
Wordpress MStore API is Wordpress open source an application plugin . Provides a configuration for Mstore, FluxStore mobile devices and support RestAPI to connect to the application features . MStore API WordPress plugin version 3.2.0 before the existence of a security vulnerability that can be...