Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-3277 — Authentication Bypass Using an Alternate Path or Channel in Mstore API Create Native Android IOS Apps ON THE Cloud

CWE-288 — Authentication Bypass Using an Alternate Path or Channel CWE-400 — Uncontrolled Resource Consumption7 documents7 sources

Severity

9.8CRITICALNVD

EPSS

38.7%

top 2.74%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Inspireui Mstore API Create Native Android IOS Apps ON THE Cloud Inspireui Mstore API

Timeline

PublishedNov 3

Latest updateApr 11

Description

The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user's email address.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDinspireui/mstore_api4.10.7

▶CVEListV5inspireui/mstore_api_create_native_android_ios_apps_on_the_cloud4.10.7

🔴Vulnerability Details

VulDB

inspireui MStore API Plugin up to 4.10.7 on WordPress Apple Login authentication bypass↗2026-04-11

▶

CVEList

MStore API <= 4.10.7 - Unauthorized Account Access and Privilege Escalation↗2023-11-03

▶

GHSA

GHSA-7pc7-crj3-6p7v: The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4↗2023-11-03

▶

VulnCheck

MStore API plugin for WordPress Priviledge Escalation Vulnerability↗2023

▶

💥Exploits & PoCs

Nuclei

MStore API <= 4.10.7 - Unauthorized Account Access and Privilege Escalation

▶

📋Vendor Advisories

Red Hat

openstack-neutron: unrestricted creation of security groups (fix for CVE-2022-3277)↗2023-07-12

▶