MStore API < 2.1.6 - Unauthenticated Arbitrary Account Creation/Edition

Affects Plugin

fixed in version 2.1.6

References

URL https://blog.nintechnet.com/critical-vulnerability-fixed-in-wordpress-mstore-api-plugin/

Classification

Type PRIVESC
OWASP Top 10 A2: Broken Authentication and Session Management
CWE CWE-269

Miscellaneous

Original Researcher Jerome Bruandet (nintechnet.com)
Views 793
Verified No
WPVDB ID 10123

Timeline

Publicly Published 2020-03-11 (23 days ago)
Added 2020-03-11 (22 days ago)
Last Updated 2020-03-13 (20 days ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin