WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

MStore API < 2.1.6 - Unauthenticated Arbitrary Account Creation/Edition

Description

The MStore API WordPress plugin was affected by an Unauthenticated Arbitrary Account Creation/Edition security vulnerability.

Affects Plugins

mstore-api
Fixed in version 2.1.6

References

URL
https://blog.nintechnet.com/critical-vulnerability-fixed-in-wordpress-mstore-api-plugin/

Classification

Type

PRIVESC

OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269

Miscellaneous

Original Researcher

Jerome Bruandet (nintechnet.com)

Verified

No

WPVDB ID
fc7ecfd3-a53d-4ea7-8ef3-21d483d8a453

Timeline

Publicly Published

2020-03-11 (about 2 years ago)

Added

2020-03-11 (about 2 years ago)

Last Updated

2021-02-02 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin