Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-5t9j-k4u2-myc9
Summary The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.14.7. This is due to insufficient verification on the 'phone' parameter of the 'firebase_sms_login' and 'firebase_sms_login_v2' functions. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email address or phone number. Additionally, if a new email address is supplied, a new user account is created with the default role, even if registration is disabled.
Aliases
0
alias CVE-2024-6328
Fixed_packages
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-6328
reference_id
reference_type
scores
0
value 0.00581
scoring_system epss
scoring_elements 0.69408
published_at 2026-06-11T12:55:00Z
1
value 0.00581
scoring_system epss
scoring_elements 0.69499
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-6328
1
reference_url https://www.wordfence.com/threat-intel/vulnerabilities/id/17d8e2e9-5e3f-433b-be1a-6ea765eba547?source=cve
reference_id 17d8e2e9-5e3f-433b-be1a-6ea765eba547?source=cve
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-12T14:42:43Z/
url https://www.wordfence.com/threat-intel/vulnerabilities/id/17d8e2e9-5e3f-433b-be1a-6ea765eba547?source=cve
2
reference_url https://plugins.trac.wordpress.org/changeset/3115231/
reference_id 3115231
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-12T14:42:43Z/
url https://plugins.trac.wordpress.org/changeset/3115231/
3
reference_url https://plugins.trac.wordpress.org/browser/mstore-api/trunk/controllers/flutter-user.php#L699
reference_id flutter-user.php#L699
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-12T14:42:43Z/
url https://plugins.trac.wordpress.org/browser/mstore-api/trunk/controllers/flutter-user.php#L699
4
reference_url https://plugins.trac.wordpress.org/browser/mstore-api/trunk/controllers/flutter-user.php#L714
reference_id flutter-user.php#L714
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-12T14:42:43Z/
url https://plugins.trac.wordpress.org/browser/mstore-api/trunk/controllers/flutter-user.php#L714
Weaknesses
0
cwe_id 288
name Authentication Bypass Using an Alternate Path or Channel
description A product requires authentication, but the product has an alternate path or channel that does not require authentication.
Exploits
Severity_range_score 9.8 - 9.8
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5t9j-k4u2-myc9