CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Nuclei•added 16 hours ago•53 views

MStore API < 3.9.8 - SQL Injection

The MStore API WordPress plugin before 3.9.8 is vulnerable to Blind SQL injection via the productid parameter. id: CVE-2023-3077 info: name: MStore API 3.9.8 - SQL Injection author: DhiyaneshDK severity: critical description: | The MStore API WordPress plugin before 3.9.8 is vulnerable to Blind S...

9.8CVSS7.3AI score0.04873EPSS

Exploits2References2

Nuclei•added yesterday•10 views

MStore API <= 4.10.7 - Unauthorized Account Access and Privilege Escalation

The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user's...

9.8CVSS7.3AI score0.02888EPSS

Exploits0References4

NVD•added 2026/06/17 2:17 p.m.•7 views

CVE-2026-54817

Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API allows Password Recovery Exploitation. This issue affects MStore API: from n/a through 4.18.4...

6.5CVSS0.00261EPSS

Cvelist•added 2026/06/17 1:36 p.m.•27 views

CVE-2026-54817 WordPress MStore API plugin <= 4.18.4 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API allows Password Recovery Exploitation. This issue affects MStore API: from n/a through 4.18.4...

6.5CVSS0.00261EPSS

EUVD•added 2026/06/17 1:36 p.m.•10 views

EUVD-2026-37706

Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API allows Password Recovery Exploitation. This issue affects MStore API: from n/a through 4.18.4...

6.5CVSS5.2AI score0.00261EPSS

RedhatCVE•added 2026/05/11 8:25 p.m.•5 views

CVE-2021-47933

WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API endpoint. Attackers can upload PHP files with arbitrary names to the configfile endpoint to achieve remote code...

EUVD•added 2026/05/10 3:31 p.m.•14 views

EUVD-2021-34795

NVD•added 2026/05/10 1:16 p.m.•8 views

Exploits0References4

CVE-2021-47933

9.8CVSS0.00587EPSS

Cvelist•added 2026/05/10 12:43 p.m.•30 views

CVE-2021-47933 WordPress MStore API 2.0.6 Arbitrary File Upload

9.8CVSS0.00587EPSS

ATTACKERKB•added 2026/05/10 12:43 p.m.•8 views

CVE-2021-47933

Exploits0References3Affected Software1

CVE•added 2026/05/10 12:43 p.m.•13 views

CVE-2021-47933

CVE-2021-47933 affects WordPress MStore API 2.0.6, where an arbitrary file upload vulnerability exists. An unauthenticated attacker can send POST requests to the REST API endpoint and upload PHP files with arbitrary names to the config_file endpoint, enabling remote code execution on the server. ...

Vulnrichment•added 2026/05/10 12:43 p.m.•8 views

CVE-2021-47933 WordPress MStore API 2.0.6 Arbitrary File Upload

CNNVD•added 2026/05/10 12:0 a.m.•7 views

WordPress plugin MStore API 访问控制错误漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

9.8CVSS6.3AI score0.00587EPSS

Positive Technologies•added 2026/05/10 12:0 a.m.•8 views

PT-2026-39509