VYPR

Mstore API

by WordPress

Source repositories

CVEs (26)

  • CVE-2024-8242Sep 13, 2024
    risk 0.00cvss epss 0.01

    The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_user_profile() function in all versions up to, and including, 4.15.3. This makes it possible for…

  • CVE-2024-8269Sep 13, 2024
    risk 0.00cvss epss 0.00

    The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 4.15.3. This is due to the plugin not checking that user registration is enabled prior to creating a user…

  • CVE-2023-3131Jul 10, 2023
    risk 0.00cvss epss 0.01

    The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both.

  • CVE-2023-3209Jul 10, 2023
    risk 0.00cvss epss 0.00

    The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both.

  • CVE-2022-47614Jun 23, 2023
    risk 0.00cvss epss 0.01

    Unauth. SQL Injection (SQLi) vulnerability in InspireUI MStore API plugin <= 3.9.7 versions.

  • CVE-2021-24148Mar 18, 2021
    risk 0.00cvss epss 0.03

    A business logic issue in the MStore API WordPress plugin, versions before 3.2.0, had an authentication bypass with Sign In With Apple allowing unauthenticated users to recover an authentication cookie with only an email address.

Page 2 of 2