Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.3
CVE-2021-47933: WordPress MStore API allows malicious file uploads
CVE-2021-47933
Summary
The WordPress MStore API has a security issue that allows hackers to upload malicious files to your server without needing a password. This could let them take control of your server. To fix this, update the MStore API to the latest version.
Original title
WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API endpoint. Attacke...
Original description
WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API endpoint. Attackers can upload PHP files with arbitrary names to the config_file endpoint to achieve remote code execution on the server.
nvd CVSS3.1
9.8
nvd CVSS4.0
9.3
Vulnerability type
CWE-306
Missing Authentication for Critical Function
Published: 10 May 2026 · Updated: 30 May 2026 · First seen: 10 May 2026