Vendor
Mstoreapp
Products
2
CVEs
1
Across products
2
Status
Private
Products
2- 1 CVE
- 1 CVE
Recent CVEs
1| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-11127 | Cri | 0.64 | 9.8 | 0.00 | Nov 21, 2025 | The Mstoreapp Mobile App WordPress plugin through 2.08 and Mstoreapp Mobile Multivendor through 9.0.1 do not properly verify users identify when using an AJAX action, allowing unauthenticated users to retrieve a valid session for arbitrary users by knowing their email address. |
- risk 0.64cvss 9.8epss 0.00
The Mstoreapp Mobile App WordPress plugin through 2.08 and Mstoreapp Mobile Multivendor through 9.0.1 do not properly verify users identify when using an AJAX action, allowing unauthenticated users to retrieve a valid session for arbitrary users by knowing their email address.