9.8

CVE-2023-3076

Exploit

EPSS 26.72%
Veröffentlicht 10.07.2023 16:15:54
Zuletzt bearbeitet 21.11.2024 08:16:23
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

MStore API <= 3.9.8 - Unauthenticated Privilege Escalation

The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the site owner paid to access the plugin's pro features.

Mögliche Gegenmaßnahme

MStore API – Create Native Android & iOS Apps On The Cloud: Update to version 3.9.9, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt MStore API – Create Native Android & iOS Apps On The Cloud

Version *-3.9.8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Inspireui ≫ Mstore Api SwPlatformwordpress Version < 3.9.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	26.72%	0.961

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://wpscan.com/vulnerability/ac662436-29d7-4ea6-84e1-f9e229b44f5b

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/7d1cc8c4-6c14-4d0c-9420-02d709f88b2f

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-3076

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-3076

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-3076

EUVD