Security Advisory

CVE-2021-24148

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-03-18 14:57:50

Last updated 2024-08-03 19:21:18

Assigner WPScan

State PUBLISHED

Description

A business logic issue in the MStore API WordPress plugin, versions before 3.2.0, had an authentication bypass with Sign In With Apple allowing unauthenticated users to recover an authentication cookie with only an email address.

← Browse all CVEs View on cve.org ↗