3 matches found
CVE-2023-2734
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. This is due to insufficient verification on the user being supplied during the cart sync from mobile REST API request through the plugin. This makes it possible for unauthenticated...
CVE-2023-2734
CVE-2023-2734 affects the MStore API plugin for WordPress (versions up to and including 3.9.1). The root cause is insufficient verification of the user during the cart sync via the plugin’s mobile REST API, enabling authentication bypass that can let unauthenticated attackers log in as any existi...
WordPress MStore API Plugin <= 3.9.1 is vulnerable to Broken Authentication
Software MStore API Type Plugin Vulnerable versions = 3.9.1 Fixed in 3.9.2 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2023-2734 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 533a834d2d8a Credits Lana Codes Required privilege...