Total
22 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-3199 | 1 Inspireui | 1 Mstore Api | 2024-02-28 | N/A | 4.3 MEDIUM |
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_status_order_title function. This makes it possible for unauthenticated attackers to update status order title via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2021-24148 | 1 Inspireui | 1 Mstore Api | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
A business logic issue in the MStore API WordPress plugin, versions before 3.2.0, had an authentication bypass with Sign In With Apple allowing unauthenticated users to recover an authentication cookie with only an email address. |