CVE-2023-3076

Published: Jul 10, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the site owner paid to access the plugin's pro features.

Affected (1)

Products: Inspireui: Mstore Api

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Inspireui Mstore Api	Before 3.9.9

Related CWEs

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://wpscan.com/vulnerability/ac662436-29d7-4ea6-84e1-f9e229b44f5b

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/ac662436-29d7-4ea6-84e1-f9e229b44f5b

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.