Every CVE whose affected-product data names Inspireui Mstore Api, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (28)
CVE-2023-3277 — CVSS 9.8 (critical): The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including…
CVE-2021-24148 — CVSS 9.8 (critical): A business logic issue in the MStore API WordPress plugin, versions before 3.2.0, had an authentication bypass with Sign In With Apple…
CVE-2023-3197 — CVSS 9.8 (critical): The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id' parameter in versions up to, and…
CVE-2023-2732 — CVSS 9.8 (critical): The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to…
CVE-2023-2733 — CVSS 9.8 (critical): The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.0. This is due to…
CVE-2023-2734 — CVSS 9.8 (critical): The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. This is due to…
CVE-2023-3076 — CVSS 9.8 (critical): The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user accounts with the role of their choice via their…
CVE-2023-3077 — CVSS 9.8 (critical): The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a…
CVE-2020-36713 — CVSS 9.8 (critical): The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.1.5. This is due to…
CVE-2024-6328 — CVSS 9.8 (critical): The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in all…
CVE-2023-45055 — CVSS 8.5 (high): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InspireUI MStore API allows SQL…
CVE-2024-7628 — CVSS 8.1 (high): The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in versions up…
CVE-2024-8269 — CVSS 7.3 (high): The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized user registration in…
CVE-2025-3438 — CVSS 6.5 (medium): The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to limited privilege escalation in all…
CVE-2024-11179 — CVSS 6.5 (medium): The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to SQL Injection via the 'status_type'…
CVE-2024-12042 — CVSS 5.4 (medium): The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the…
CVE-2023-50878 — CVSS 5.4 (medium): Cross-Site Request Forgery (CSRF) vulnerability in InspireUI MStore API.This issue affects MStore API: from n/a through 4.10.1.
CVE-2025-4683 — CVSS 4.3 (medium): The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized modification of data…
CVE-2023-3131 — CVSS 4.3 (medium): The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a…
CVE-2023-3198 — CVSS 4.3 (medium): The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the…
CVE-2023-3199 — CVSS 4.3 (medium): The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the…
CVE-2023-3200 — CVSS 4.3 (medium): The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the…
CVE-2023-3201 — CVSS 4.3 (medium): The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the…
CVE-2023-3202 — CVSS 4.3 (medium): The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the…
CVE-2023-3203 — CVSS 4.3 (medium): The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the…
CVE-2024-8242 — CVSS 4.3 (medium): The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to arbitrary file uploads due to…
CVE-2023-3209 — CVSS 3.5 (low): The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a…