CVE-2023-3277

The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user's email address. We are disclosing this issue as the developer has not yet released a patch, but continues to release updates and we escalated this issue to the plugin's team 30 days ago.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/browser/mstore-api/trunk/controllers/flutter-user.php#L821	Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/1c7c0c35-5f44-488f-9fe1-269ea4a73854?source=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:inspireui:mstore_api:*:*:*:*:*:wordpress:*:*

History

13 Nov 2023, 18:30

Type	Values Removed	Values Added
CWE		NVD-CWE-Other
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
References	~~(MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/1c7c0c35-5f44-488f-9fe1-269ea4a73854?source=cve -~~	(MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/1c7c0c35-5f44-488f-9fe1-269ea4a73854?source=cve - Third Party Advisory
References	~~(MISC) https://plugins.trac.wordpress.org/browser/mstore-api/trunk/controllers/flutter-user.php#L821 -~~	(MISC) https://plugins.trac.wordpress.org/browser/mstore-api/trunk/controllers/flutter-user.php#L821 - Product
CPE		cpe:2.3:a:inspireui:mstore_api::::::wordpress::*
First Time		Inspireui mstore Api Inspireui

07 Nov 2023, 04:18

Type	Values Removed	Values Added
CWE	~~CWE-288~~

03 Nov 2023, 13:22

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-03 12:15

Updated : 2024-02-28 20:33

NVD link : CVE-2023-3277

Mitre link : CVE-2023-3277

CVE.ORG link : CVE-2023-3277

JSON object : View

Products Affected

inspireui

mstore_api

CWE

NVD-CWE-Other

{"id": "CVE-2023-3277", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-11-03T12:15:08.650", "references": [{"url": "https://plugins.trac.wordpress.org/browser/mstore-api/trunk/controllers/flutter-user.php#L821", "tags": ["Product"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1c7c0c35-5f44-488f-9fe1-269ea4a73854?source=cve", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user's email address. We are disclosing this issue as the developer has not yet released a patch, but continues to release updates and we escalated this issue to the plugin's team 30 days ago."}, {"lang": "es", "value": "El complemento API de MStore para WordPress es vulnerable al acceso no autorizado a cuentas y a la escalada de privilegios en versiones hasta la 4.10.7 incluida debido a una implementaci\u00f3n incorrecta de la funci\u00f3n de inicio de sesi\u00f3n de Apple. Esto permite a atacantes no autenticados iniciar sesi\u00f3n como cualquier usuario siempre que conozcan la direcci\u00f3n de correo electr\u00f3nico del usuario. Estamos divulgando este problema porque el desarrollador a\u00fan no ha lanzado un parche, pero contin\u00faa lanzando actualizaciones y escalamos este problema al equipo del complemento hace 30 d\u00edas."}], "lastModified": "2023-11-13T18:30:53.790", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:inspireui:mstore_api:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "D572F64E-4E47-492F-86CF-D41F26BE0FEE", "versionEndIncluding": "4.10.7"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}