CVE-2021-24148

Published: Mar 18, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A business logic issue in the MStore API WordPress plugin, versions before 3.2.0, had an authentication bypass with Sign In With Apple allowing unauthenticated users to recover an authentication cookie with only an email address.

Affected (1)

Products: Inspireui: Mstore Api

Inspireui

1 product

Mstore Api

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Inspireui Mstore Api	Before 3.2.0

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://wpscan.com/vulnerability/bf5ddc43-974d-41fa-8276-c1a27d3cc882

Source: contact@wpscan.com

Third Party Advisory

https://wpscan.com/vulnerability/bf5ddc43-974d-41fa-8276-c1a27d3cc882

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.