Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-3076

Published: 10/07/2023 Updated: 07/11/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Mstore Api

Vulnerability Summary

The MStore API WordPress plugin prior to 3.9.9 does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the site owner paid to access the plugin's pro features.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

inspireui mstore api

Github Repositories

https://github.com/im-hanzou/MSAPer

Automatic Mass Tool for check and exploiting vulnerability in CVE-2023-3076 - MStore API < 3.9.9 - Unauthenticated Privilege Escalation (Mass Add Admin + PHP File Upload)

MSAPer | CVE-2023-3076 - MStore API Automatic Mass Tool for check and exploiting vulnerability in CVE-2023-3076 - MStore API &lt; 399 - Unauthenticated Privilege Escalation (Mass Add Admin + PHP File Upload) Using GNU Parallel You must have parallel for run this tool If you found error like "$'\r': command not found" just do "dos2unix msapers

References

CWE-862https://wpscan.com/vulnerability/ac662436-29d7-4ea6-84e1-f9e229b44f5bhttps://nvd.nist.govhttps://github.com/im-hanzou/MSAPer
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-29895injectCVE-2023-52689CVE-2024-5049CVE-2024-5051privilege escalationphysicalCVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook