PT-2021-15694 · WordPress · Mstore Api

Vincent Datrier

Published

2021-03-18

Updated

2021-03-23

CVE-2021-24148

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: MStore API WordPress plugin versions prior to 3.2.0

Description: A business logic issue in the MStore API WordPress plugin allows for an authentication bypass with Sign In With Apple. This issue enables unauthenticated users to recover an authentication cookie using only an email address.

Recommendations: For versions prior to 3.2.0, update to version 3.2.0 or later to resolve the issue.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2021-24148

Affected Products

Mstore Api

PT-2021-15694 · WordPress · Mstore Api

CVE-2021-24148

Weakness Enumeration

Related Identifiers

Affected Products

References · 3