The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.1.5. This is due to unrestricted access to the 'register' and 'update_user_profile' routes. This makes it possible for unauthenticated malicious users to create new administrator accounts, delete existing administrator accounts, or escalate privileges on any account.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
inspireui mstore api |