{"vulnerability": "CVE-2024-8242", "sightings": [{"uuid": "219aa715-1c4d-4b58-8bf7-05ecd25adc5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8242", "type": "seen", "source": "https://t.me/cvedetector/5612", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-8242 - WordPress MStore API Arbitrary File Upload Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-8242 \nPublished : Sept. 13, 2024, 3:15 p.m. | 39\u00a0minutes ago \nDescription : The MStore API \u2013 Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_user_profile() function in all versions up to, and including, 4.15.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files (not including PHP files) on the affected site's server which may make remote code execution possible. This can be paired with a registration endpoint for unauthenticated users to exploit the issue. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-13T17:57:58.000000Z"}]}