Unauthorized User Registration Vulnerability in MStore API Plugin
CVE-2024-8269

6.5 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 13 September 2024

Summary

The MStore API plugin, used to build native Android and iOS applications on top of WordPress, is vulnerable to unauthorized user registration in all versions up to and including 4.15.3. The flaw stems from a lack of validation when users are registered through the register() function. Attackers can exploit it to create user accounts on WordPress sites, bypassing the user registration settings intended to restrict such actions. The risk is most significant for sites where user registration should be disabled. Site administrators are advised to assess their use of the MStore API plugin and consider applying the necessary patches or updates to safeguard their environments.
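As a compensating control until the plugin is updated, the must-use plugin below refuses new-account creation while WordPress's "Anyone can register" setting is off. It is an added example, not code from the MStore API plugin or its vendor. It assumes a single-site install, that the vulnerable path creates accounts through WordPress core's wp_insert_user(), and that the installed core version returns a WP_Error when the wp_pre_insert_user_data filter yields an empty array; the function names prefixed with example_ are hypothetical.

```php
<?php
/**
 * Plugin Name: Registration guard (added example)
 * Description: Blocks account creation while "Anyone can register" is off,
 *              unless an authorised user, WP-CLI or the installer requests it.
 */

// Place this file in wp-content/mu-plugins/ so it loads before regular
// plugins and cannot be deactivated from the admin screen.
add_filter( 'wp_pre_insert_user_data', 'example_registration_guard', 10, 2 );

// Strip control characters so request data cannot forge extra log lines.
function example_log_safe( $value ) {
    return preg_replace( '/[\x00-\x1F\x7F]/', '', (string) $value );
}

function example_registration_guard( $data, $update ) {
    // Edits to existing accounts are not registrations.
    if ( $update ) {
        return $data;
    }
    // The site owner has enabled open registration: nothing to enforce.
    if ( get_option( 'users_can_register' ) ) {
        return $data;
    }
    // Keep the initial install, WP-CLI and admins adding users working.
    if ( wp_installing()
        || ( defined( 'WP_CLI' ) && WP_CLI )
        || current_user_can( 'create_users' ) ) {
        return $data;
    }
    // Record the blocked attempt so it can be reviewed later.
    error_log( sprintf(
        '[registration-guard] blocked new account "%s" from %s via %s',
        example_log_safe( isset( $data['user_login'] ) ? $data['user_login'] : '' ),
        example_log_safe( isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown' ),
        example_log_safe( isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : 'unknown' )
    ) );
    // Assumption: core turns an empty array into a WP_Error and inserts nothing.
    return array();
}
```

The guard also stops any other plugin that creates accounts for anonymous visitors while registration is disabled, so test flows such as checkout account creation before relying on it.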

Affected Version(s)

MStore API – Create Native Android & iOS Apps On The Cloud * <= 4.15.3

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

wesley