3 matches found
CVE-2020-36713
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.1.5. This is due to unrestricted access to the 'register' and 'updateuserprofile' routes. This makes it possible for unauthenticated attackers to create new administrator accounts, delet...
CVE-2020-36713
The CVE-2020-36713 issue affects the WordPress MStore API plugin up to version 2.1.5, where unrestricted access to the register and update_user_profile routes enables authentication bypass. This allows unauthenticated attackers to create or delete administrator accounts or escalate privileges. Re...
CVE-2020-36713 MStore API <= 2.1.5 - Authentication Bypass
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.1.5. This is due to unrestricted access to the 'register' and 'updateuserprofile' routes. This makes it possible for unauthenticated attackers to create new administrator accounts, delet...