CVE-2024-7628
CVE-2024-7628 involves the MStore API – Create Native Android & iOS Apps On The Cloud WordPress plugin. It allows authentication bypass via a loose token-id verification in verify_id_token, enabling unauthenticated login as an existing site user (potentially an administrator) if firebase is confi...