cleantalk
Vulnerabilities and Security Researches

MStore API, CVE-2024-8269

CVE, Research URL

CVE-2024-8269

Home page URL

Security reports for MStore API

Application

MStore API

Published on
Sep 13, 2024
Research Description
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 4.15.3. This is due to the plugin not checking that user registration is enabled prior to creating a user account through the register() function. This makes it possible for unauthenticated attackers to create user accounts on sites, even when user registration is disabled and plugin functionality is not activated.
Affected versions
Min -, max 4.15.4.
Status
vulnerable
Previous vulnerability researches
MStore API (CVE-2024-6328) , Jul 12, 2024
MStore API (CVE-2024-12042) , Dec 15, 2024
MStore API (CVE-2024-7628) , Aug 16, 2024
MStore API (CVE-2025-3438) , May 04, 2025
MStore API (CVE-2021-24148) , Jun 07, 2024
New vulnerability
CheckBot (CVE-2025-43840) , May 05, 2025
Team Members – Best WordPress Team Plugin with Team Slider, Team Showcase & Team Builder (CVE-2025-3521) , May 05, 2025
AM LottiePlayer – Vector animations for WordPress (CVE-2025-1529) , May 05, 2025
WordPress Easy Guide (CVE-2025-46460) , May 05, 2025
Page View Count (CVE-2025-2816) , May 05, 2025