Mstoreapp Mobile (App

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

The Mstoreapp Mobile App WordPress plugin through 2.08 and Mstoreapp Mobile Multivendor through 9.0.1 do not properly verify users identify when using an AJAX action, allowing unauthenticated users to retrieve a valid session for arbitrary users by knowing their email address.

Basic Information

ID CVE-2025-11127

Source WPScan

Published Nov 21, 2025 at 13:41

Modified Nov 21, 2025 at 14:23

Affected Product

Vendor Unknown

Product Mstoreapp Mobile App

Affected Versions Unknown Mstoreapp Mobile App 0
Unknown Mstoreapp Mobile Multivendor 0

CWE Classification

References

wpscan.com /vulnerability/6432bd1a-6e44-4a3f-890b-df2bd877d626/

{
    "lastseen": "",
    "description": "The Mstoreapp Mobile App WordPress plugin through 2.08 and Mstoreapp Mobile Multivendor through 9.0.1 do not properly verify users identify when using an AJAX action, allowing unauthenticated users to retrieve a valid session for arbitrary users by knowing their email address.",
    "published": "2025-11-21T13:41:07.728Z",
    "modified": "2025-11-21T14:23:36.421Z",
    "type": "cve",
    "title": "Mstoreapp Mobile (App <= 2.08, Multivendor <= 9.0.1) - Unauthenticated Privilege Escalation",
    "source": "WPScan",
    "references": "https://wpscan.com/vulnerability/6432bd1a-6e44-4a3f-890b-df2bd877d626/",
    "id": "CVE-2025-11127",
    "bulletinFamily": "",
    "cwe": [
        ""
    ],
    "cvelist": null,
    "sourceData": "Unknown Mstoreapp Mobile App 0\nUnknown Mstoreapp Mobile Multivendor 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Mstoreapp Mobile App",
    "version": "0",
    "vendor": "Unknown",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Mstoreapp Mobile (App <= 2.08, Multivendor <= 9.0.1) - Unauthenticated Privilege Escalation_CVE-2025-11127