Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:8FC62C0D-17DE-4598-B365-1781D5B3FC19
HistoryMay 22, 2023 - 12:00 a.m.

MStore API < 3.9.2 - Authentication Bypass

2023-05-2200:00:00
wpscan.com
22
mstore api
authentication bypass
plugin
rest api
unauthenticated users
login
arbitrary user id
software

EPSS

0.002

Percentile

55.9%

JSON

The plugin does not properly verify the user provided when syncing their cart via its REST API, allowing unauthenticated users to login as an arbitrary user by providing their ID

Related

cve 1
prion 1
nvd 1
cvelist 1
wallarmlab 1
wordfence 2
cve
cve
CVE-2023-2734
2023-05-25 03:15:08
prion
prion
Authentication flaw
2023-05-25 03:15:00
nvd
nvd
CVE-2023-2734
2023-05-25 03:15:08
cvelist
cvelist
CVE-2023-2734
2023-05-25 02:05:31
wallarmlab
wallarmlab
OWASP APIsec Top-10 2023 Is HereΒ | API Security Newsletter
2023-06-15 14:33:48
wordfence
wordfence
2023’s Critical WordPress Vulnerabilities and How They Work
2024-02-12 19:11:21
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 22, 2023 to May 28, 2023)
2023-06-01 12:43:43

EPSS

0.002

Percentile

55.9%

JSON
Related for WPVDB-ID:8FC62C0D-17DE-4598-B365-1781D5B3FC19
cve1prion1nvd1cvelist1wallarmlab1wordfence2