CVE-2023-2732

Description

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.

Wordfence
Severity: CRITICAL
CVE ID: CVE-2023-2732
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Refrence: NVD MITRE

Proof Of Concept

Nuclei Templates for CVE-2023-2732

Refrence: Project Discovery GitHub

RandomRobbieBF

MStore API <= 3.9.2 - Authentication Bypass

Refrence: GitHub

Jenderal92

Python 2.7

Refrence: GitHub

ThatNotEasy

Perform With Massive Authentication Bypass (Wordpress Mstore-API)

Refrence: GitHub

Content on GitHub

Impalabs | watchers:167

CVE-2023-27326
VM Escape for Parallels Desktop <18.1.1

Refrence: GitHub

Malwareman007 | watchers:37

CVE-2023-27326
VM Escape for Parallels Desktop <18.1.1

Refrence: GitHub

Description​

Proof Of Concept​

Content on GitHub​

Description

Proof Of Concept

Content on GitHub