269 matches found
CVE-2024-8242
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the updateuserprofile function in all versions up to, and including, 4.15.3. This makes it possible for authenticated attackers, with...
CVE-2024-8242 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.3 - Authenticated (Subscriber+) Limited Arbitrary File Upload
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the updateuserprofile function in all versions up to, and including, 4.15.3. This makes it possible for authenticated attackers, with...
CVE-2024-8242
CVE-2024-8242 : The WordPress MStore API plugin (
CVE-2024-8269 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.3 - Unauthorized User Registration
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 4.15.3. This is due to the plugin not checking that user registration is enabled prior to creating a user account through the...
CVE-2024-8269 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.3 - Unauthorized User Registration
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 4.15.3. This is due to the plugin not checking that user registration is enabled prior to creating a user account through the...
CVE-2024-8269
CVE-2024-8269 – MStore API (WordPress) is an unauthenticated vulnerability in the MStore API plugin (WordPress) affecting versions up to 4.15.3. The issue arises because register() does not verify that user registration is enabled, allowing unauthenticated attackers to create user accounts on sit...
WordPress MStore API plugin <= 4.15.3 - Authenticated (Subscriber+) Limited Arbitrary File Upload vulnerability
Authenticated Subscriber+ Limited Arbitrary File Upload vulnerability discovered by stealthcopter in WordPress Plugin MStore API versions = 4.15.3...
WordPress plugin MStore API 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...
WordPress MStore API Plugin <= 4.15.3 is vulnerable to Bypass Vulnerability
Software MStore API Type Plugin Vulnerable versions = 4.15.3 Fixed in 4.15.4 OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2024-8269 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 4a56b4c925e9 Credits wesley wcraft Required privilege...
WordPress plugin MStore API 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress MStore API Plugin <= 4.15.3 is vulnerable to Arbitrary File Upload
Software MStore API Type Plugin Vulnerable versions = 4.15.3 Fixed in 4.15.4 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-8242 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 5f5d39cca07a Credits stealthcopter Required privilege...
CVE-2024-7628
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.15.2. This is due to the use of loose comparison in the 'verifyidtoken' function. This makes it possible for unauthenticated attackers to...
CVE-2024-7628
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.15.2. This is due to the use of loose comparison in the 'verifyidtoken' function. This makes it possible for unauthenticated attackers to...
WordPress MStore API plugin <= 4.15.2 - Authentication Bypass to Account Takeover vulnerability
Authentication Bypass to Account Takeover vulnerability discovered by Truoc Phan in WordPress Plugin MStore API versions = 4.15.2...
CVE-2024-7628 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.2 - Authentication Bypass to Account Takeover
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.15.2. This is due to the use of loose comparison in the 'verifyidtoken' function. This makes it possible for unauthenticated attackers to...
CVE-2024-7628 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.2 - Authentication Bypass to Account Takeover
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.15.2. This is due to the use of loose comparison in the 'verifyidtoken' function. This makes it possible for unauthenticated attackers to...
CVE-2024-7628
CVE-2024-7628 involves the MStore API – Create Native Android & iOS Apps On The Cloud WordPress plugin. It allows authentication bypass via a loose token-id verification in verify_id_token, enabling unauthenticated login as an existing site user (potentially an administrator) if firebase is confi...
PT-2024-38463 · WordPress · Mstore Api
Name of the Vulnerable Software and Affected Versions: MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress versions up to, and including, 4.15.2 Description: The issue is due to the use of loose comparison in the verify id token function, making it possible for...
WordPress MStore API Plugin <= 4.15.2 is vulnerable to Broken Authentication
Software MStore API Type Plugin Vulnerable versions = 4.15.2 Fixed in 4.15.3 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-7628 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 20f8a5490865 Credits Truoc Phan...
CVE-2024-6328
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.14.7. This is due to insufficient verification on the 'phone' parameter of the 'firebasesmslogin' and 'firebasesmsloginv2' functions...