Login Sign Up

CVE-2023-2732

9.8 CRITICAL
Authentication Bypass

📋 TL;DR

The MStore API plugin for WordPress has an authentication bypass vulnerability that allows unauthenticated attackers to log in as any existing user, including administrators, by exploiting insufficient verification in the add listing REST API endpoint. This affects all WordPress sites using MStore API plugin versions up to and including 3.9.2. Attackers only need access to a target user's ID to exploit this vulnerability.

💻 Affected Systems

Products:
  • WordPress MStore API plugin
Versions: All versions up to and including 3.9.2
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the MStore API plugin to be installed and active on a WordPress site. The vulnerable REST API endpoint is typically accessible if the site is publicly accessible.

📦 What is this software?

Mstore Api by Inspireui

View all CVEs affecting Mstore Api →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete site takeover where attackers gain administrative access, install backdoors, steal sensitive data, deface the site, or use it for further attacks.

🟠

Likely Case

Attackers gain administrative privileges and compromise the WordPress site, potentially leading to data theft, malware installation, or site defacement.

🟢

If Mitigated

Limited impact if strong network controls prevent external access to the vulnerable endpoint or if additional authentication layers exist.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only knowledge of a target user ID and access to the vulnerable REST API endpoint. The vulnerability is well-documented with public proof-of-concept details available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.9.3 or later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2916124%40mstore-api&old=2915729%40mstore-api&sfp_email=&sfph_mail=#file58

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find MStore API plugin. 4. Click 'Update Now' if update is available. 5. Alternatively, download version 3.9.3+ from WordPress plugin repository and manually update.

🔧 Temporary Workarounds

Disable MStore API plugin

all

Temporarily deactivate the vulnerable plugin until patching is possible

wp plugin deactivate mstore-api

Restrict REST API access

linux

Use web application firewall or .htaccess to block access to the vulnerable endpoint

# Add to .htaccess: RewriteRule ^wp-json/mstore-api/ - [F,L]

🧯 If You Can't Patch

  • Implement network-level restrictions to block external access to the WordPress REST API endpoints
  • Enable additional authentication layers such as two-factor authentication for all user accounts

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → MStore API version. If version is 3.9.2 or lower, the site is vulnerable.

Check Version:

wp plugin get mstore-api --field=version

Verify Fix Applied:

Verify MStore API plugin version is 3.9.3 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual authentication attempts via REST API
  • Multiple failed login attempts followed by successful admin login from new IP
  • POST requests to /wp-json/mstore-api/ endpoints with user_id parameter

Network Indicators:

  • Unusual traffic patterns to WordPress REST API endpoints
  • POST requests to mstore-api endpoints from unauthenticated sources

SIEM Query:

source="wordpress.log" AND (uri_path="/wp-json/mstore-api/" OR user_agent="*mstore*" OR message="*authentication*bypass*")

📊 Metadata

CVE ID: CVE-2023-2732
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published: May 25, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON