CVE-2023-3076

Exploit

EPSS 1.73%
Veröffentlicht 10.07.2023 16:15:54
Zuletzt bearbeitet 21.11.2024 08:16:23
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

MStore API < 3.9.9 - Unauthenticated Privilege Escalation

MStore API <= 3.9.8 - Unauthenticated Privilege Escalation

The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the site owner paid to access the plugin's pro features.

Mögliche Gegenmaßnahme

MStore API – Create Native Android & iOS Apps On The Cloud: Update to version 3.9.9, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Inspireui ≫ Mstore Api SwPlatformwordpress Version < 3.9.9

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt MStore API – Create Native Android & iOS Apps On The Cloud

Version *-3.9.8

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.73%	0.746

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://wpscan.com/vulnerability/ac662436-29d7-4ea6-84e1-f9e229b44f5b

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/7d1cc8c4-6c14-4d0c-9420-02d709f88b2f

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-3076

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-3076

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-3076

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-3076