Mstore API
by WordPress
Source repositories
CVEs (26)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-8242 | 0.00 | — | 0.01 | Sep 13, 2024 | The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_user_profile() function in all versions up to, and including, 4.15.3. This makes it possible for… | |||
| CVE-2024-8269 | 0.00 | — | 0.00 | Sep 13, 2024 | The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 4.15.3. This is due to the plugin not checking that user registration is enabled prior to creating a user… | |||
| CVE-2023-3131 | 0.00 | — | 0.01 | Jul 10, 2023 | The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both. | |||
| CVE-2023-3209 | 0.00 | — | 0.00 | Jul 10, 2023 | The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both. | |||
| CVE-2022-47614 | 0.00 | — | 0.01 | Jun 23, 2023 | Unauth. SQL Injection (SQLi) vulnerability in InspireUI MStore API plugin <= 3.9.7 versions. | |||
| CVE-2021-24148 | 0.00 | — | 0.03 | Mar 18, 2021 | A business logic issue in the MStore API WordPress plugin, versions before 3.2.0, had an authentication bypass with Sign In With Apple allowing unauthenticated users to recover an authentication cookie with only an email address. |
- CVE-2024-8242Sep 13, 2024risk 0.00cvss —epss 0.01
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_user_profile() function in all versions up to, and including, 4.15.3. This makes it possible for…
- CVE-2024-8269Sep 13, 2024risk 0.00cvss —epss 0.00
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 4.15.3. This is due to the plugin not checking that user registration is enabled prior to creating a user…
- CVE-2023-3131Jul 10, 2023risk 0.00cvss —epss 0.01
The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both.
- CVE-2023-3209Jul 10, 2023risk 0.00cvss —epss 0.00
The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both.
- CVE-2022-47614Jun 23, 2023risk 0.00cvss —epss 0.01
Unauth. SQL Injection (SQLi) vulnerability in InspireUI MStore API plugin <= 3.9.7 versions.
- CVE-2021-24148Mar 18, 2021risk 0.00cvss —epss 0.03
A business logic issue in the MStore API WordPress plugin, versions before 3.2.0, had an authentication bypass with Sign In With Apple allowing unauthenticated users to recover an authentication cookie with only an email address.
Page 2 of 2