exploitDog

CVE-2021-24148

Опубликовано: 18 мар. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

A business logic issue in the MStore API WordPress plugin, versions before 3.2.0, had an authentication bypass with Sign In With Apple allowing unauthenticated users to recover an authentication cookie with only an email address.

Ссылки

https://wpscan.com/vulnerability/bf5ddc43-974d-41fa-8276-c1a27d3cc882
Third Party Advisory
https://wpscan.com/vulnerability/bf5ddc43-974d-41fa-8276-c1a27d3cc882
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:inspireui:mstore_api:*:*:*:*:*:wordpress:*:*

Версия до 3.2.0 (исключая)

EPSS

Процентиль: 90%

0.05628

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-287

CWE-287

Связанные уязвимости

GHSA-99jg-2fvv-2jfq

github

больше 3 лет назад

A business logic issue in the MStore API WordPress plugin, versions before 3.2.0, had an authentication bypass with Sign In With Apple allowing unauthenticated users to recover an authentication cookie with only an email address.

EPSS

Процентиль: 90%

0.05628

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-287

CWE-287