Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total25
Critical9
High2
Medium13
Reset
Showing 21-25 of 25 records
Threat Entry Updated 2024-11-21

CVE-2023-3198 - Mstore Api Plugin

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_status_order_message function. This makes it possible for unauthenticated attackers to update status order message via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Mstore Api

CVE-2023-3198

MEDIUM CVSS 4.3 2023-06-14
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-2734 - Mstore Api Plugin

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. This is due to insufficient verification on the user being supplied during the cart sync from mobile REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.

PLUGIN Mstore Api

CVE-2023-2734

CRITICAL CVSS 9.8 2023-05-25
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-2733 - Mstore Api Plugin

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.0. This is due to insufficient verification on the user being supplied during the coupon redemption REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.

PLUGIN Mstore Api

CVE-2023-2733

CRITICAL CVSS 9.8 2023-05-25
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-2732 - Mstore Api Plugin

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.

PLUGIN Mstore Api

CVE-2023-2732

CRITICAL CVSS 9.8 2023-05-25
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-24148 - Mstore Api Plugin

A business logic issue in the MStore API WordPress plugin, versions before 3.2.0, had an authentication bypass with Sign In With Apple allowing unauthenticated users to recover an authentication cookie with only an email address.

PLUGIN Mstore Api

CVE-2021-24148

CRITICAL CVSS 9.8 2021-03-18
Open Full Technical Breakdown
Scroll to top