Mstore Api Create Native Android Ios Apps On The Cloud

1 CVE for this product


CVE-2026-3568 MEDIUM This Month

Authenticated subscribers and above in WordPress sites using MStore API plugin up to version 4.18.3 can modify arbitrary user meta fields on their own accounts, including legacy privilege escalation keys like wp_user_level and plugin-specific authorization flags, potentially leading to privilege escalation or stored XSS. The vulnerability stems from the update_user_profile() function accepting unsanitized, user-supplied meta_data JSON without allowlist or validation before passing it directly to update_user_meta(). No public exploit code or active exploitation has been identified at this time.

Tags: WordPress, PHP, Privilege Escalation, Mstore Api Create Native Android Ios Apps On The Cloud
Source: NVD
CVSS 3.1: 4.3
EPSS: 0.0%
