cleantalk
Vulnerabilities and Security Researches

MStore API, CVE-2020-36713

CVE, Research URL

CVE-2020-36713

Home page URL

Security reports for MStore API

Application

MStore API

Published on
Jun 07, 2023
Research Description
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.1.5. This is due to unrestricted access to the 'register' and 'update_user_profile' routes. This makes it possible for unauthenticated attackers to create new administrator accounts, delete existing administrator accounts, or escalate privileges on any account.
Affected versions
Min -, max 3.9.6.
Status
vulnerable
Previous vulnerability researches
MStore API (CVE-2024-6328) , Jul 12, 2024
MStore API (CVE-2024-12042) , Dec 15, 2024
MStore API (CVE-2024-7628) , Aug 16, 2024
MStore API (CVE-2025-3438) , May 04, 2025
MStore API (CVE-2021-24148) , Jun 07, 2024
New vulnerability
Author Box After Posts (CVE-2025-46263) , May 05, 2025
WP Vegas (CVE-2025-43841) , May 05, 2025
Crossword Compiler Puzzles (CVE-2025-46490) , May 05, 2025
CheckBot (CVE-2025-43840) , May 05, 2025
Team Members – Best WordPress Team Plugin with Team Slider, Team Showcase & Team Builder (CVE-2025-3521) , May 05, 2025