The MStore API plugin for WordPress is not secure in versions 3.9.0 and below. This means that if someone knows the ID of an existing user, such as an administrator, they can gain access to that user’s account without having to properly authenticate themselves. This is a serious security issue and should be fixed as soon as possible.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
