331 matches found
CVE-2021-24148
A business logic issue in the MStore API WordPress plugin, versions before 3.2.0, had an authentication bypass with Sign In With Apple allowing unauthenticated users to recover an authentication cookie with only an email address...
CVE-2021-24148
A business logic issue in the MStore API WordPress plugin, versions before 3.2.0, had an authentication bypass with Sign In With Apple allowing unauthenticated users to recover an authentication cookie with only an email address...
Authentication flaw
A business logic issue in the MStore API WordPress plugin, versions before 3.2.0, had an authentication bypass with Sign In With Apple allowing unauthenticated users to recover an authentication cookie with only an email address...
CVE-2021-24148 MStore API < 3.2.0 - Authentication Bypass With Sign In With Apple
A business logic issue in the MStore API WordPress plugin, versions before 3.2.0, had an authentication bypass with Sign In With Apple allowing unauthenticated users to recover an authentication cookie with only an email address...
CVE-2021-24148
CVE-2021-24148 affects the WordPress plugin MStore API (vulnerable:
Wordpress MStore API 授权问题漏洞
Wordpress MStore API is Wordpress open source an application plugin . Provides a configuration for Mstore, FluxStore mobile devices and support RestAPI to connect to the application features . MStore API WordPress plugin version 3.2.0 before the existence of a security vulnerability that can be...
MStore API < 3.2.0 - Authentication Bypass With Sign In With Apple
The plugin had an authentication bypass with Sign In With Apple allowing unauthenticated users to recover an authentication cookie with only an email address. PoC The plugin must have a valid purchase code for the request to work curl -X GET --header 'Content-Type: application/json' --header...
WordPress MStore API plugin <= 3.1.9 - Bypass vulnerability in Apple login authentication method
Bypass vulnerability in Apple login authentication method found by Vincent Datrier in WordPress MStore API plugin versions = 3.1.9. Solution Update the WordPress MStore API plugin to the latest available version at least 3.2.0...
MStore API < 3.2.0 - Authentication Bypass With Sign In With Apple
The plugin had an authentication bypass with Sign In With Apple allowing unauthenticated users to recover an authentication cookie with only an email address. The plugin must have a valid purchase code for the request to work curl -X GET --header 'Content-Type: application/json' --header 'Accept:...
MStore API < 2.1.6 - Unauthenticated Arbitrary Account Creation/Edition
The MStore API WordPress plugin was affected by an Unauthenticated Arbitrary Account Creation/Edition security vulnerability...
WordPress MStore API plugin <= 2.1.5 - Unauthenticated Account Create/Edit vulnerability
Unauthenticated Account Create/Edit vulnerability discovered by NinTechNet in WordPress MStore API plugin versions = 2.1.5. Solution Update the WordPress MStore API plugin to the latest available version at least 2.1.6...