cleantalk
Vulnerabilities and Security Researches

MStore API, 81504621871d7fcc1e93ae2ba9de763671bf3f58

CVE, Research URL

81504621871d7fcc1e93ae2ba9de763671bf3f58

Home page URL

Security reports for MStore API

Application

MStore API

Published on
Mar 11, 2020
Research Description
MStore API &#8211; Create Native Android &amp; iOS Apps On The Cloud [mstore-api] < 2.1.6 MStore API <= 2.1.5 - Authentication Bypass The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.1.5. This is due to unrestricted access to the 'register' and 'update_user_profile' routes. This makes it possible for unauthenticated attackers to create new administrator accounts, delete existing administrator accounts, or escalate privileges on any account.
Affected versions
max 2.1.6.
Status
vulnerable
Previous vulnerability researches
MStore API (CVE-2024-6328) , Jul 12, 2024
MStore API (fc7ecfd3-a53d-4ea7-8ef3-21d483d8a453) , Jun 16, 2026
MStore API (679d7241-a136-4eb3-a9ec-42de2492ddfc) , Jun 16, 2026
MStore API (6d230f3173dc0c1c7698859557af2d7a08437bac) , Jun 16, 2026
MStore API (d887b5dfeda43393faf6d8656a78dce9004a1e25) , Jun 16, 2026
New vulnerability
Media Library Assistant (CVE-2026-56012) , Jun 20, 2026
MStore API (CVE-2026-54817) , Jun 20, 2026
Bricksable for Bricks Builder (CVE-2026-56009) , Jun 20, 2026
Offload, AI &amp; Optimize with Cloudflare Images (CVE-2026-9860) , Jun 20, 2026
Royal Elementor Addons and Templates (CVE-2026-8118) , Jun 20, 2026