exploitDog

CVE-2023-3076

Опубликовано: 10 июл. 2023

Источник: nvd

CVSS3: 9.8

EPSS Средний

Описание

The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the site owner paid to access the plugin's pro features.

Ссылки

https://wpscan.com/vulnerability/ac662436-29d7-4ea6-84e1-f9e229b44f5b
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/ac662436-29d7-4ea6-84e1-f9e229b44f5b
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:inspireui:mstore_api:*:*:*:*:*:wordpress:*:*

Версия до 3.9.9 (исключая)

EPSS

Процентиль: 96%

0.2672

Средний

9.8 Critical

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-gwr5-qqvh-c57m

CVSS3: 9.8

github

больше 2 лет назад

The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the site owner paid to access the plugin's pro features.

EPSS

Процентиль: 96%

0.2672

Средний

9.8 Critical

CVSS3

Дефекты

CWE-862