ГлавнаяУязвимости → CVE-2021-47933
9.8критическая

CVE-2021-47933

Описание

WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API endpoint. Attackers can upload PHP files with arbitrary names to the config_file endpoint to achieve remote code execution on the server.

CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://wordpress.org/plugins/mstore-api/https://www.exploit-db.com/exploits/50379https://www.vulncheck.com/advisories/wordpress-mstore-api-arbitrary-file-upload