Smartstore · Smartstore · CVE-2020-15243
**Name of the Vulnerable Software and Affected Versions**
Smartstore versions 4.0.0 through 4.0.1
**Description**
The issue is related to a missing WebApi Authentication attribute in affected versions of Smartstore. This affects Smartstore shops that have installed and activated the Web API plugin.
**Recommendations**
For versions 4.0.0 and 4.0.1, merge the repository with 4.0.x or overwrite the file SmartStore.Web.Framework in the /bin directory of the deployed shop with the updated file.
As a temporary workaround for versions 4.0.0 and 4.0.1, consider uninstalling the Web API plugin to close the vulnerability.