📦 MStore API

by InspireUI

⚠️ Known Vulnerabilities

CVE-2024-6328

CRITICAL CVSS 9.8 Jul 12, 2024

The MStore API WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to log in as any existing user by exploiting insufficient verification of the 'phone' p...

CVE-2023-45055

CRITICAL CVSS 9.8 Nov 6, 2023

This SQL injection vulnerability in the InspireUI MStore API WordPress plugin allows attackers to execute arbitrary SQL commands on the database. It affects all WordPress sites using MStore API versio...

CVE-2023-3277

CRITICAL CVSS 9.8 Nov 3, 2023

The MStore API WordPress plugin has an authentication bypass vulnerability in its Apple login feature. Unauthenticated attackers can log in as any user by knowing their email address, leading to unaut...

CVE-2023-3077

CRITICAL CVSS 9.8 Jul 10, 2023

This vulnerability allows unauthenticated attackers to perform blind SQL injection attacks on WordPress sites using the MStore API plugin before version 3.9.8. The attack is only possible if the site ...

CVE-2020-36713

CRITICAL CVSS 9.8 Jun 7, 2023

The MStore API WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to create administrator accounts, delete existing admin accounts, or escalate privilege...

CVE-2023-2732

CRITICAL CVSS 9.8 May 25, 2023

The MStore API plugin for WordPress has an authentication bypass vulnerability that allows unauthenticated attackers to log in as any existing user, including administrators, by exploiting insufficien...

CVE-2023-2734

CRITICAL CVSS 9.8 May 25, 2023

The MStore API WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to log in as any existing user, including administrators, by exploiting insufficient ve...

CVE-2021-24148

CRITICAL CVSS 9.8 Mar 18, 2021

This vulnerability allows unauthenticated attackers to bypass authentication in the MStore API WordPress plugin by exploiting a business logic flaw in the Sign In With Apple feature. Attackers can rec...

CVE-2024-8269

HIGH CVSS 7.3 Sep 13, 2024

The MStore API WordPress plugin allows unauthenticated attackers to create user accounts even when user registration is disabled. This affects all WordPress sites using MStore API plugin versions up t...

CVE-2022-47614

HIGH CVSS 7.5 Jun 23, 2023

This vulnerability allows unauthenticated attackers to perform SQL injection attacks against WordPress sites using the InspireUI MStore API plugin. Attackers can execute arbitrary SQL commands, potent...

CVE-2025-4683

MEDIUM CVSS 4.3 May 27, 2025

The MStore API WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level permissions or higher to create new posts without proper authorization. This af...

CVE-2025-3438

MEDIUM CVSS 6.5 May 2, 2025

The MStore API WordPress plugin allows unauthenticated attackers to register accounts with 'wcfm_vendor' privileges when the WCFM Marketplace plugin is active. This enables limited privilege escalatio...

CVE-2024-12042

MEDIUM CVSS 5.4 Dec 13, 2024

The MStore API WordPress plugin has a stored XSS vulnerability in profile picture upload functionality. Authenticated attackers with subscriber-level access can upload malicious HTML files that execut...

CVE-2024-11179

MEDIUM CVSS 6.5 Nov 20, 2024

This SQL injection vulnerability in the MStore API WordPress plugin allows authenticated attackers with Subscriber-level access or higher to inject malicious SQL queries via the 'status_type' paramete...