cleantalk
Vulnerabilities and Security Researches

MStore API, CVE-2025-4683

CVE, Research URL

CVE-2025-4683

Home page URL

Security reports for MStore API

Application

MStore API

Published on
May 27, 2025
Research Description
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_blog function in all versions up to, and including, 4.17.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new posts.
Affected versions
Min -, max 4.17.6.
Status
vulnerable
Previous vulnerability researches
WordPress SQL Backup (CVE-2025-30608) , Mar 27, 2025
New vulnerability
Glossary by WPPedia – Best Glossary plugin for WordPress (CVE-2025-4803) , May 28, 2025
Import Social Events (CVE-2025-48256) , May 28, 2025
MStore API (CVE-2025-4683) , May 28, 2025
WP Statistics , May 27, 2025
Hostinger , May 27, 2025