CVE-2023-3076 Vulnerability Details

  /     /     /  

CVE-2023-3076 Metadata Quick Info

CVE Published: 10/07/2023 | CVE Updated: 12/11/2024 | CVE Year: 2023
Source: WPScan | Vendor: Unknown | Product: MStore API
Status : PUBLISHED

---

CVE-2023-3076 Description

The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the site owner paid to access the plugin\'s pro features.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: CWE-862 Missing Authorization
Source: Unknown

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).