Security Advisory

CVE-2025-11127

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-21 13:41:07

Last updated 2025-11-21 14:23:36

Assigner WPScan

State PUBLISHED

Description

The Mstoreapp Mobile App WordPress plugin through 2.08 and Mstoreapp Mobile Multivendor through 9.0.1 do not properly verify users identify when using an AJAX action, allowing unauthenticated users to retrieve a valid session for arbitrary users by knowing their email address.

← Browse all CVEs View on cve.org ↗