Description
WordPress Plugin MStore API is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently take over any account. WordPress Plugin MStore API version 3.1.9 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.2.0 or latest
References
https://blog.webble.fr/critical-authentication-bypass-in-mstore-api/
https://sploitus.com/exploit?id=WPEX-ID:BF5DDC43-974D-41FA-8276-C1A27D3CC882
https://plugins.svn.wordpress.org/mstore-api/trunk/readme.txt
Related Vulnerabilities
Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2022-41414)
WordPress Plugin EWWW Image Optimizer Cross-Site Scripting (2.0.1)
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17307)
MySQL CVE-2014-2451 Vulnerability (CVE-2014-2451)
WordPress Plugin Shopping Cart & eCommerce Store Unspecified Vulnerability (3.1.9)