cleantalk
Vulnerabilities and Security Researches

MStore API, ae12464a8d35fdcda47994a509b21b1abea6d8e6

CVE, Research URL

ae12464a8d35fdcda47994a509b21b1abea6d8e6

Home page URL

Security reports for MStore API

Application

MStore API

Published on
Oct 05, 2021
Research Description
MStore API &#8211; Create Native Android &amp; iOS Apps On The Cloud [mstore-api] < 3.4.5 MStore API < 3.4.5 - Arbitrary File Upload The MStore API plugin for WordPress is vulnerable to arbitrary file uploads due to missing authorization via the api/flutter_woo/config_file REST endpoint in versions before 3.4.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
Affected versions
max 3.4.5.
Status
vulnerable
Previous vulnerability researches
MStore API (CVE-2024-6328) , Jul 12, 2024
MStore API (fc7ecfd3-a53d-4ea7-8ef3-21d483d8a453) , Jun 16, 2026
MStore API (679d7241-a136-4eb3-a9ec-42de2492ddfc) , Jun 16, 2026
MStore API (6d230f3173dc0c1c7698859557af2d7a08437bac) , Jun 16, 2026
MStore API (d887b5dfeda43393faf6d8656a78dce9004a1e25) , Jun 16, 2026
New vulnerability
Media Library Assistant (CVE-2026-56012) , Jun 20, 2026
MStore API (CVE-2026-54817) , Jun 20, 2026
Bricksable for Bricks Builder (CVE-2026-56009) , Jun 20, 2026
Offload, AI &amp; Optimize with Cloudflare Images (CVE-2026-9860) , Jun 20, 2026
Royal Elementor Addons and Templates (CVE-2026-8118) , Jun 20, 2026