This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: Authentication Bypass in MStore API. π **Consequences**: Attackers can impersonate ANY user (even Admins) just by knowing their User ID. Total loss of integrity and confidentiality.
Q2Root Cause? (CWE/Flaw)
π‘οΈ **Root Cause**: CWE-288 (Authentication Bypass). π **Flaw**: Insufficient verification of the user during 'add listing' REST API requests. The system trusts the supplied user ID without proper validation.
π **Hackers Can**: Log in as ANY existing user. π **Privileges**: If they know an Admin's ID, they get full Admin access. π **Data**: Full read/write access to site content.
Q5Is exploitation threshold high? (Auth/Config)
β‘ **Threshold**: LOW. π **Auth**: None required (Unauthenticated). βοΈ **Config**: Only need the target User ID. No complex setup needed.
Q6Is there a public Exp? (PoC/Wild Exploitation)
π **Public Exp?**: YES. π **PoCs**: Available on GitHub (e.g., RandomRobbieBF, Jenderal92). π€ **Scanners**: Nuclei templates and Python scripts exist for mass exploitation.
Q7How to self-check? (Features/Scanning)
π **Self-Check**: Scan for MStore API endpoints. π§ͺ **Test**: Try adding a listing with a different User ID. β **Indicator**: If the action succeeds under another user's context, you are vulnerable.
π§ **No Patch?**: Disable the 'Add Listing' REST API endpoint. π **Mitigation**: Temporarily deactivate the MStore API plugin if updates aren't possible. π« **Block**: Restrict access to `/wp-json/mstore-api/` routes.
Q10Is it urgent? (Priority Suggestion)
π₯ **Urgency**: CRITICAL. π¨ **Priority**: P1. β±οΈ **Time**: Patch NOW. CVSS Score is High (9.8). Unauthenticated access to Admin accounts is a nightmare scenario.