CVE-2025-3438

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 4.17.4. This is due to a lack of restriction of role when registering. This makes it possible for unauthenticated attackers to to...

CVE-2025-3438 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.17.4 - Unauthenticated Limited Privilege Escalation

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 4.17.4. This is due to a lack of restriction of role when registering. This makes it possible for unauthenticated attackers to to...

CVE-2025-3438

The CVE-2025-3438 entry concerns the WordPress MStore API plugin (≤ 4.17.4), which allows unauthenticated privilege escalation by registering as the wcfm_vendor Store Vendor role due to insufficient role restrictions during registration. Exploitation requires the WCFM Marketplace – Multivendor Ma...

CVE-2025-3438 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.17.4 - Unauthenticated Limited Privilege Escalation

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 4.17.4. This is due to a lack of restriction of role when registering. This makes it possible for unauthenticated attackers to to...

WordPress plugin MStore API 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-18761 · WordPress · Mstore Api +1

Name of the Vulnerable Software and Affected Versions: MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress versions up to, and including, 4.17.4 Description: The issue is related to limited privilege escalation due to a lack of restriction of role when registering,...

WordPress MStore API plugin <= 4.17.4 - Unauthenticated Limited Privilege Escalation vulnerability

Unauthenticated Limited Privilege Escalation vulnerability discovered by Brian Sans-Souci liardom in WordPress Plugin MStore API versions = 4.17.4...

CVE-2022-47614

Unauth. SQL Injection SQLi vulnerability in InspireUI MStore API plugin = 3.9.7 versions...

CVE-2020-36713

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.1.5. This is due to unrestricted access to the 'register' and 'updateuserprofile' routes. This makes it possible for unauthenticated attackers to create new administrator accounts, delet...

CVE-2024-7628

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.15.2. This is due to the use of loose comparison in the 'verifyidtoken' function. This makes it possible for unauthenticated attackers to...

CVE-2024-6328

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.14.7. This is due to insufficient verification on the 'phone' parameter of the 'firebasesmslogin' and 'firebasesmsloginv2' functions...

CVE-2024-8269

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 4.15.3. This is due to the plugin not checking that user registration is enabled prior to creating a user account through the...

CVE-2024-12042

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the profile picture upload functionality in all versions up to, and including, 4.16.4 due to insufficient file type validation. This makes it possible for...

CVE-2024-12042

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the profile picture upload functionality in all versions up to, and including, 4.16.4 due to insufficient file type validation. This makes it possible for...

CVE-2024-12042 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.16.4 - Authenticated (Subscriber+) HTML File Upload (Stored Cross-Site Scripting)

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the profile picture upload functionality in all versions up to, and including, 4.16.4 due to insufficient file type validation. This makes it possible for...

CVE-2024-12042 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.16.4 - Authenticated (Subscriber+) HTML File Upload (Stored Cross-Site Scripting)

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the profile picture upload functionality in all versions up to, and including, 4.16.4 due to insufficient file type validation. This makes it possible for...

CVE-2024-12042

CVE-2024-12042 is an authenticated Stored Cross-Site Scripting vulnerability in the MStore API – Create Native Android & iOS Apps On The Cloud WordPress plugin (

WordPress plugin MStore API 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

PT-2024-17416 · WordPress · Mstore Api

Name of the Vulnerable Software and Affected Versions: MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress versions up to, and including, 4.16.4 Description: The issue is related to Stored Cross-Site Scripting via the profile picture upload functionality due to...

WordPress MStore API plugin <= 4.16.4 - Authenticated (Subscriber+) HTML File Upload (Stored Cross-Site Scripting) vulnerability

Authenticated Subscriber+ HTML File Upload Stored Cross-Site Scripting vulnerability discovered by shaman0x01 in WordPress Plugin MStore API versions = 4.16.4...