WordPress · Mstore Api · CVE-2021-24148
Name of the Vulnerable Software and Affected Versions:
MStore API WordPress plugin versions prior to 3.2.0
Description:
A business logic issue in the MStore API WordPress plugin allows for an authentication bypass with Sign In With Apple. This issue enables unauthenticated users to recover an authentication cookie using only an email address.
Recommendations:
For versions prior to 3.2.0, update to version 3.2.0 or later to resolve the issue.