ThreatPress

WordPress Vulnerability Database

Back

WordPress MStore API plugin <= 3.1.9 - Bypass vulnerability in Apple login authentication method

Product
MStore API
Description
Bypass vulnerability in Apple login authentication method found by Vincent Datrier in WordPress MStore API plugin (versions <= 3.1.9).
Solution
Update the WordPress MStore API plugin to the latest available version (at least 3.2.0)
Classification
Type Bypass Vulnerability
OWASP Top 10 A2: Broken Authentication and Session Management
References
Vulnerability details
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 3.1.9
Fixed In 3.2.0
Disclosure date
2021-02-02
Credits
Vincent Datrier