Lucene search
K

267 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-43880

Malicious code in bioql PyPI...

4.3CVSS6.1AI score0.00296EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-49043

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00785EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-43881

Malicious code in bioql PyPI...

4.3CVSS6AI score0.00316EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-49056

Malicious code in bioql PyPI...

7.3CVSS6.6AI score0.00382EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/29 1:51 a.m.20 views

CVE-2025-4683

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createblog function in all versions up to, and including, 4.17.5. This makes it possible for authenticated attackers, wit...

4.3CVSS6.5AI score0.0025EPSS
Exploits0References1
NVD
NVD
added 2025/05/27 3:15 a.m.24 views

CVE-2025-4683

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createblog function in all versions up to, and including, 4.17.5. This makes it possible for authenticated attackers, wit...

4.3CVSS0.0025EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/05/27 1:48 a.m.29 views

CVE-2025-4683 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.17.5 - Missing Authorization to Authenticated (Subscriber+) Posts Creation

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createblog function in all versions up to, and including, 4.17.5. This makes it possible for authenticated attackers, wit...

4.3CVSS0.0025EPSS
Exploits0References4
CVE
CVE
added 2025/05/27 1:48 a.m.69 views

CVE-2025-4683

CVE-2025-4683 affects the WordPress plugin “MStore API – Create Native Android & iOS Apps On The Cloud” up to and including version 4.17.5. The root cause is a missing capability check in the create_blog function, enabling authenticated attackers with Subscriber-level access and above to create n...

4.3CVSS4.1AI score0.0025EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/27 1:48 a.m.9 views

CVE-2025-4683 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.17.5 - Missing Authorization to Authenticated (Subscriber+) Posts Creation

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createblog function in all versions up to, and including, 4.17.5. This makes it possible for authenticated attackers, wit...

4.3CVSS6.5AI score0.0025EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/05/27 1:17 a.m.17 views

WordPress MStore API plugin <= 4.17.5 - Missing Authorization to Authenticated (Subscriber+) Posts Creation vulnerability

Missing Authorization to Authenticated Subscriber+ Posts Creation vulnerability discovered by Brian Sans-Souci liardom in WordPress Plugin MStore API versions = 4.17.5...

4.3CVSS6.7AI score0.0025EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/05/27 12:0 a.m.4 views

PT-2025-22908 · WordPress · Mstore Api

Name of the Vulnerable Software and Affected Versions: MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress versions up to, and including, 4.17.5 Description: The issue allows authenticated attackers with Subscriber-level access and above to create new posts due to a...

4.3CVSS4.2AI score0.0025EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/05/23 9:29 a.m.7 views

CVE-2024-12042

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the profile picture upload functionality in all versions up to, and including, 4.16.4 due to insufficient file type validation. This makes it possible for...

5.4CVSS5.7AI score0.00317EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:17 a.m.13 views

CVE-2024-8242

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the updateuserprofile function in all versions up to, and including, 4.15.3. This makes it possible for authenticated attackers, with...

8.8CVSS7.6AI score0.00785EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:2 a.m.7 views

CVE-2024-11179

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to SQL Injection via the 'statustype' parameter in all versions up to, and including, 4.15.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS7AI score0.0045EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:47 a.m.12 views

CVE-2023-3199

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstoreupdatestatusordertitle function. This makes it possible for unauthenticated attackers to update status order title via a forged request granted they can trick a site...

4.3CVSS6.5AI score0.00298EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:47 a.m.12 views

CVE-2023-3201

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstoreupdatenewordertitle function. This makes it possible for unauthenticated attackers to update new order title via a forged request granted they can trick a site administrato...

4.3CVSS6.5AI score0.00316EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:47 a.m.8 views

CVE-2023-3197

The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id' parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible...

9.8CVSS7.5AI score0.03902EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:44 a.m.7 views

CVE-2023-3076

The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the site owner paid to access the plugin's pro features...

9.8CVSS6.6AI score0.01728EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:31 a.m.10 views

CVE-2023-2733

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.0. This is due to insufficient verification on the user being supplied during the coupon redemption REST API request through the plugin. This makes it possible for unauthenticated...

9.8CVSS7.1AI score0.01256EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:25 a.m.9 views

CVE-2023-3209

The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both...

3.5CVSS6.8AI score0.00234EPSS
Exploits2References1
Rows per page
Query Builder