7.3
CVE-2024-8269
- EPSS 0.39%
- Veröffentlicht 13.09.2024 15:15:17
- Zuletzt bearbeitet 18.09.2024 15:20:44
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginMStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.3 - Unauthorized User Registration
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 4.15.3. This is due to the plugin not checking that user registration is enabled prior to creating a user account through the register() function. This makes it possible for unauthenticated attackers to create user accounts on sites, even when user registration is disabled and plugin functionality is not activated.
Mögliche Gegenmaßnahme
MStore API – Create Native Android & iOS Apps On The Cloud: Update to version 4.15.4, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
MStore API – Create Native Android & iOS Apps On The Cloud
Version
*-4.15.3
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Inspireui ≫ Mstore Api SwPlatformwordpress Version < 4.15.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.39% | 0.595 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
| security@wordfence.com | 7.3 | 3.9 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.