Mstoreapp Mobile WordPress Plugin Unauthenticated Privilege Escalation Vulnerability

Vulnerability

The Mstoreapp Mobile App WordPress plugin, versions through 2.08, and the Mstoreapp Mobile Multivendor plugin, versions through 9.0.1, do not verify user identity in one of their social-login AJAX handlers. The handler issues a session for whatever email address is posted to it, without confirming that the accompanying access_token actually belongs to that account. As a result, an unauthenticated attacker who knows a user's email address can obtain a valid session as that user.

Impact

An unauthenticated attacker can take over any account whose email address is known. Because the affected handler does not restrict which accounts it will log in, this includes administrator accounts, which is what makes the issue a privilege escalation: the attacker inherits every capability of the hijacked user, up to full control of the site.

Reproduction

Send a POST request to wp-admin/admin-ajax.php with the action parameter set to mstoreapp-google_connect, an access_token parameter, and the target user's email address. Only the email address has to be correct; the handler does not validate the token against the account, so no password and no Google login are required. The response establishes a valid session for the specified user. Confirm the result by checking that the response sets up a session for the targeted account (for example a wordpress_logged_in_* cookie in Set-Cookie) rather than returning an error. Because admin-ajax.php serves this action to unauthenticated callers, the request can be sent from any host that can reach the site.
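The root cause described above is an AJAX handler that logs in whichever email address the caller posts. The added example below is not the plugin's code: it reconstructs that pattern in a minimal wp_ajax_nopriv handler and places a corrected handler beside it. The corrected handler never reads the email from the request. It sends the access_token to Google's tokeninfo endpoint, checks that the token was issued to this site's OAuth client (the DEMO_GOOGLE_CLIENT_ID constant, the demo_ function names and the demo-google_connect action name are assumptions made for illustration), requires the email to be verified, and only then looks up the WordPress user by the email address Google returned.

```php
<?php
// Added example; not the Mstoreapp plugin's code. Function, action and
// constant names are assumptions made for illustration.

// --- Vulnerable pattern (the behaviour the advisory describes) -------------
// Registered for unauthenticated callers (nopriv) and trusts the posted email.
// Anyone who knows a user's email address receives that user's session; the
// access_token is accepted but never checked against the identity provider.
function demo_google_connect_vulnerable() {
    $email = sanitize_email( wp_unslash( $_POST['email'] ?? '' ) );
    $user  = get_user_by( 'email', $email );
    if ( ! $user ) {
        wp_send_json_error( 'no such user', 404 );
    }
    wp_set_current_user( $user->ID );
    wp_set_auth_cookie( $user->ID );
    wp_send_json_success( array( 'user_id' => $user->ID ) );
}

// --- Corrected pattern -------------------------------------------------------
// The identity comes from Google's answer about the token, never from the request.
define( 'DEMO_GOOGLE_CLIENT_ID', '123456789-example.apps.googleusercontent.com' ); // assumed value

// Returns the verified email address for a Google access token, or null.
function demo_verify_google_access_token( $access_token ) {
    $response = wp_remote_get(
        'https://www.googleapis.com/oauth2/v3/tokeninfo?access_token=' . rawurlencode( $access_token ),
        array( 'timeout' => 10 )
    );
    if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) {
        return null; // invalid, expired or revoked token
    }
    $info = json_decode( wp_remote_retrieve_body( $response ), true );
    if ( ! is_array( $info ) ) {
        return null;
    }
    // The token must have been issued to this site's OAuth client; otherwise a
    // token obtained from any other Google-integrated app would log users in here.
    if ( ( $info['aud'] ?? '' ) !== DEMO_GOOGLE_CLIENT_ID ) {
        return null;
    }
    // tokeninfo reports email_verified as the string "true"; accept bool or string.
    if ( empty( $info['email'] ) || ! filter_var( $info['email_verified'] ?? false, FILTER_VALIDATE_BOOLEAN ) ) {
        return null;
    }
    return sanitize_email( $info['email'] );
}

function demo_google_connect_fixed() {
    $token = isset( $_POST['access_token'] ) ? trim( wp_unslash( $_POST['access_token'] ) ) : '';
    if ( '' === $token ) {
        wp_send_json_error( 'missing access_token', 400 );
    }
    $email = demo_verify_google_access_token( $token );
    if ( null === $email ) {
        wp_send_json_error( 'token verification failed', 401 );
    }
    // Any email address the caller posted is ignored; only the verified one is used.
    $user = get_user_by( 'email', $email );
    if ( ! $user ) {
        wp_send_json_error( 'no account for verified email', 404 );
    }
    wp_set_current_user( $user->ID );
    wp_set_auth_cookie( $user->ID );
    wp_send_json_success( array( 'user_id' => $user->ID ) );
}

add_action( 'wp_ajax_nopriv_demo-google_connect', 'demo_google_connect_fixed' );
add_action( 'wp_ajax_demo-google_connect', 'demo_google_connect_fixed' );
```

Against the reproduction request above, the corrected handler answers 401 for any token Google rejects, and a token Google accepts yields a session only for the account Google says the token belongs to; the posted email address has no effect. The aud check matters as much as the signature check: without it, an access token that a user granted to an unrelated Google-integrated app would be enough to log that user in here. If the mobile app sends a Google ID token instead of an access token, the same verification applies through the id_token form of the tokeninfo endpoint.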

Added: Nov 21, 2025, 2:18 PM
Updated: Nov 21, 2025, 4:39 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          5.0
exploitability  8.7
remediation     0.0
relevance       1.1
threat          6.4
urgency         2.9
incentive       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.