CVE-2023-3076
CVE-2023-3076 affects the MStore API WordPress plugin (pre-3.9.9). The wholesale REST API endpoint allows unauthenticated visitors to create user accounts with a role of their choice, enabling privilege escalation, and this attack is conditioned on the site owner purchasing pro features. The NVD/...