Description

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_user_profile() function in all versions up to, and including, 4.15.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files (not including PHP files) on the affected site's server which may make remote code execution possible. This can be paired with a registration endpoint for unauthenticated users to exploit the issue.

INFO

Published Date :

2024-09-13T15:10:45.570Z

Last Modified :

2026-04-08T17:35:06.697Z

Source :

Wordfence
AFFECTED PRODUCTS

The following products are affected by CVE-2024-8242 vulnerability.

Vendors Products
Inspireui
  • Mstore Api

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact