Lucene search

K
patchstackLana CodesPATCHSTACK:5C5BCCB72AD3A066E69003D4B6BB57E1
HistoryMay 25, 2023 - 12:00 a.m.

WordPress MStore API Plugin <= 3.9.2 is vulnerable to Broken Authentication

2023-05-2500:00:00
Lana Codes
patchstack.com
1
wordpress mstore api plugin
broken authentication
vulnerable version
fixed version
owasp top 10
cve-2023-2732
patch priority high
cvss severity high
developer claim ownership
unauthenticated privilege
published date

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.4

Confidence

Low

EPSS

0.189

Percentile

96.4%

Software

MStore API

Type

Plugin

Vulnerable versions

<= 3.9.2

Fixed in

3.9.3

OWASP Top 10

A2: Broken Authentication

Classification

Broken Authentication

CVE

CVE-2023-2732

Patch priority

High

CVSS severity

High (9.8)

Developer

Claim ownership

PSID

9a2f0204ce39

Credits

Lana Codes

Required privilege

Unauthenticated

Published

25 May, 2023

Vulnerability details

Remove and replace plugin Expand full details Have additional information or questions about this entry? Let us know.

Solution

We advise to mitigate or resolve the vulnerability immediately.

Affected configurations

Vulners
Node
fluxbuildermstore_apiRange≀3.9.2
VendorProductVersionCPE
fluxbuildermstore_api*cpe:2.3:a:fluxbuilder:mstore_api:*:*:*:*:*:*:*:*

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.4

Confidence

Low

EPSS

0.189

Percentile

96.4%

Related for PATCHSTACK:5C5BCCB72AD3A066E69003D4B6BB57E1