exploitDog

CVE-2025-11127

Опубликовано: 21 нояб. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

The Mstoreapp Mobile App WordPress plugin through 2.08 and Mstoreapp Mobile Multivendor through 9.0.1 do not properly verify users identify when using an AJAX action, allowing unauthenticated users to retrieve a valid session for arbitrary users by knowing their email address.

Ссылки

https://wpscan.com/vulnerability/6432bd1a-6e44-4a3f-890b-df2bd877d626/

EPSS

Процентиль: 35%

0.0014

Низкий

9.8 Critical

CVSS3

Дефекты

Связанные уязвимости

GHSA-9mf8-fwp6-wv6x

CVSS3: 9.8

github

3 месяца назад

The Mstoreapp Mobile App WordPress plugin through 2.08 and Mstoreapp Mobile Multivendor through 9.0.1 do not properly verify users identify when using an AJAX action, allowing unauthenticated users to retrieve a valid session for arbitrary users by knowing their email address.

EPSS

Процентиль: 35%

0.0014

Низкий

9.8 Critical

CVSS3

Дефекты