Lucene search
K

269 matches found

NVD
NVD
added 2024/09/13 3:15 p.m.31 views

CVE-2024-8242

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the updateuserprofile function in all versions up to, and including, 4.15.3. This makes it possible for authenticated attackers, with...

8.8CVSS0.00785EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/09/13 3:10 p.m.29 views

CVE-2024-8242 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.3 - Authenticated (Subscriber+) Limited Arbitrary File Upload

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the updateuserprofile function in all versions up to, and including, 4.15.3. This makes it possible for authenticated attackers, with...

4.3CVSS0.00785EPSS
Exploits0References4
CVE
CVE
added 2024/09/13 3:10 p.m.84 views

CVE-2024-8242

CVE-2024-8242 : The WordPress MStore API plugin (

8.8CVSS6.8AI score0.00785EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2024/09/13 3:10 p.m.20 views

CVE-2024-8269 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.3 - Unauthorized User Registration

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 4.15.3. This is due to the plugin not checking that user registration is enabled prior to creating a user account through the...

7.3CVSS0.00382EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/09/13 3:10 p.m.21 views

CVE-2024-8269 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.3 - Unauthorized User Registration

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 4.15.3. This is due to the plugin not checking that user registration is enabled prior to creating a user account through the...

7.3CVSS6.5AI score0.00382EPSS
Exploits0References4
CVE
CVE
added 2024/09/13 3:10 p.m.82 views

CVE-2024-8269

CVE-2024-8269 – MStore API (WordPress) is an unauthenticated vulnerability in the MStore API plugin (WordPress) affecting versions up to 4.15.3. The issue arises because register() does not verify that user registration is enabled, allowing unauthenticated attackers to create user accounts on sit...

7.3CVSS6.5AI score0.00382EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2024/09/13 6:12 a.m.4 views

WordPress MStore API plugin <= 4.15.3 - Authenticated (Subscriber+) Limited Arbitrary File Upload vulnerability

Authenticated Subscriber+ Limited Arbitrary File Upload vulnerability discovered by stealthcopter in WordPress Plugin MStore API versions = 4.15.3...

8.8CVSS7AI score0.00785EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/09/13 12:0 a.m.4 views

WordPress plugin MStore API 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

8.8CVSS7AI score0.00785EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/09/13 12:0 a.m.12 views

WordPress MStore API Plugin <= 4.15.3 is vulnerable to Bypass Vulnerability

Software MStore API Type Plugin Vulnerable versions = 4.15.3 Fixed in 4.15.4 OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2024-8269 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 4a56b4c925e9 Credits wesley wcraft Required privilege...

7.3CVSS6.6AI score0.00382EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/09/13 12:0 a.m.6 views

WordPress plugin MStore API 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.3CVSS6.7AI score0.00382EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/09/13 12:0 a.m.17 views

WordPress MStore API Plugin <= 4.15.3 is vulnerable to Arbitrary File Upload

Software MStore API Type Plugin Vulnerable versions = 4.15.3 Fixed in 4.15.4 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-8242 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 5f5d39cca07a Credits stealthcopter Required privilege...

8.8CVSS6.8AI score0.00785EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/08/15 3:15 a.m.21 views

CVE-2024-7628

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.15.2. This is due to the use of loose comparison in the 'verifyidtoken' function. This makes it possible for unauthenticated attackers to...

8.1CVSS0.00658EPSS
Exploits0References5
OSV
OSV
added 2024/08/15 3:15 a.m.4 views

CVE-2024-7628

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.15.2. This is due to the use of loose comparison in the 'verifyidtoken' function. This makes it possible for unauthenticated attackers to...

8.1CVSS5.8AI score0.00658EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/08/15 3:3 a.m.5 views

WordPress MStore API plugin <= 4.15.2 - Authentication Bypass to Account Takeover vulnerability

Authentication Bypass to Account Takeover vulnerability discovered by Truoc Phan in WordPress Plugin MStore API versions = 4.15.2...

8.1CVSS7AI score0.00658EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/08/15 2:30 a.m.24 views

CVE-2024-7628 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.2 - Authentication Bypass to Account Takeover

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.15.2. This is due to the use of loose comparison in the 'verifyidtoken' function. This makes it possible for unauthenticated attackers to...

8.1CVSS0.00658EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/08/15 2:30 a.m.27 views

CVE-2024-7628 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.2 - Authentication Bypass to Account Takeover

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.15.2. This is due to the use of loose comparison in the 'verifyidtoken' function. This makes it possible for unauthenticated attackers to...

8.1CVSS7.1AI score0.00658EPSS
Exploits0References5
CVE
CVE
added 2024/08/15 2:30 a.m.93 views

CVE-2024-7628

CVE-2024-7628 involves the MStore API – Create Native Android & iOS Apps On The Cloud WordPress plugin. It allows authentication bypass via a loose token-id verification in verify_id_token, enabling unauthenticated login as an existing site user (potentially an administrator) if firebase is confi...

8.1CVSS7.9AI score0.00658EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2024/08/15 12:0 a.m.8 views

PT-2024-38463 · WordPress · Mstore Api

Name of the Vulnerable Software and Affected Versions: MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress versions up to, and including, 4.15.2 Description: The issue is due to the use of loose comparison in the verify id token function, making it possible for...

8.1CVSS6.1AI score0.00658EPSS
Exploits0References13
Patchstack
Patchstack
added 2024/08/15 12:0 a.m.14 views

WordPress MStore API Plugin <= 4.15.2 is vulnerable to Broken Authentication

Software MStore API Type Plugin Vulnerable versions = 4.15.2 Fixed in 4.15.3 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-7628 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 20f8a5490865 Credits Truoc Phan...

8.1CVSS6.6AI score0.00658EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/07/12 11:15 a.m.28 views

CVE-2024-6328

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.14.7. This is due to insufficient verification on the 'phone' parameter of the 'firebasesmslogin' and 'firebasesmsloginv2' functions...

9.8CVSS0.0067EPSS
Exploits0References4
Rows per page
Query Builder