Inspireui

Mstore Api

28 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2025-4683

  • EPSS 0.07%
  • Veröffentlicht 27.05.2025 01:48:48
  • Zuletzt bearbeitet 07.07.2025 15:55:52

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_blog function in all versions up to, and including, 4.17.5. This ma...

7.3

CVE-2025-3438

  • EPSS 0.49%
  • Veröffentlicht 02.05.2025 05:22:34
  • Zuletzt bearbeitet 06.05.2025 15:35:14

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 4.17.4. This is due to a lack of restriction of role when registering. This makes ...

5.4

CVE-2024-12042

  • EPSS 0.17%
  • Veröffentlicht 13.12.2024 09:15:07
  • Zuletzt bearbeitet 22.05.2025 14:33:24

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the profile picture upload functionality in all versions up to, and including, 4.16.4 due to insufficient file type v...

6.5

CVE-2024-11179

  • EPSS 0.28%
  • Veröffentlicht 20.11.2024 10:15:05
  • Zuletzt bearbeitet 22.11.2024 16:55:03

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to SQL Injection via the 'status_type' parameter in all versions up to, and including, 4.15.7 due to insufficient escaping on the user supplied paramete...

6.5

CVE-2024-8269

  • EPSS 0.39%
  • Veröffentlicht 13.09.2024 15:15:17
  • Zuletzt bearbeitet 18.09.2024 15:20:44

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 4.15.3. This is due to the plugin not checking that user registration is enabled...

8.8

CVE-2024-8242

  • EPSS 1.63%
  • Veröffentlicht 13.09.2024 15:15:16
  • Zuletzt bearbeitet 18.09.2024 15:47:56

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_user_profile() function in all versions up to, and including, 4.15.3. This m...

8.1

CVE-2024-7628

  • EPSS 1.29%
  • Veröffentlicht 15.08.2024 03:15:05
  • Zuletzt bearbeitet 21.05.2025 20:50:00

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.15.2. This is due to the use of loose comparison in the 'verify_id_token' function. This ma...

9.8

CVE-2024-6328

  • EPSS 0.76%
  • Veröffentlicht 12.07.2024 11:15:11
  • Zuletzt bearbeitet 21.05.2025 20:49:00

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.14.7. This is due to insufficient verification on the 'phone' parameter of the 'firebas...

8.8

CVE-2023-50878

  • EPSS 0.11%
  • Veröffentlicht 29.12.2023 13:15:08
  • Zuletzt bearbeitet 21.11.2024 08:37:27

Cross-Site Request Forgery (CSRF) vulnerability in InspireUI MStore API.This issue affects MStore API: from n/a through 4.10.1.

9.8

CVE-2023-45055

  • EPSS 0.21%
  • Veröffentlicht 06.11.2023 09:15:08
  • Zuletzt bearbeitet 21.11.2024 08:26:17

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InspireUI MStore API allows SQL Injection.This issue affects MStore API: from n/a through 4.0.6.