CVE-2020-36713

Name of the Vulnerable Software and Affected Versions MStore API plugin for WordPress versions up to and including 2.1.5

Description The issue allows for authentication bypass due to unrestricted access to the 'register' and 'update user profile' routes, enabling unauthenticated attackers to create new administrator accounts, delete existing administrator accounts, or escalate privileges on any account.

Recommendations For versions up to and including 2.1.5, update to a version higher than 2.1.5 to resolve the issue. As a temporary workaround, consider restricting access to the 'register' and 'update user profile' routes to prevent unauthorized account modifications.