CVE-2021-24148

CRITICAL

MStore API < 3.2.0 - Unauthenticated Authentication Bypass via Sign In With Apple

Description

A business logic issue in the MStore API WordPress plugin, in versions before 3.2.0, allowed an authentication bypass via Sign In With Apple: unauthenticated users could obtain an authentication cookie with only an email address.

Scores

CVSS v3: 9.8
EPSS: 0.0337
EPSS Percentile: 87.2%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-287
Status: published
Products (1): inspireui/mstore_api < 3.2.0
Published: Mar 18, 2021
Tracked Since: Feb 18, 2026