Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-2732 PoC — MStore API <= 3.9.2 - Authentication Bypass

Source
https://github.com/ThatNotEasy/CVE-2023-2732
Associated Vulnerability
Title:MStore API <= 3.9.2 - Authentication Bypass (CVE-2023-2732)
Description:The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.
Description
Perform With Massive Authentication Bypass (Wordpress Mstore-API)
Readme
## CVE-2023-2732
- Mstore WordPress APIs Vulnerable Scanner is a powerful and user-friendly tool designed to identify potential vulnerabilities in WordPress sites by inspecting their API endpoints.
The scanner aims to assist website owners, developers, and security professionals in proactively identifying security weaknesses in their WordPress installations,
thereby enhancing the overall security posture of their websites.
## Screenshot
![Screenshot_1](https://github.com/Pari-Malam/CVE-2023-2732/assets/25004320/c0bc7a8b-0e95-4e3e-b039-ff5a73a95fca)
## Requirements
- Python3.7+
## Supported Os
- Linuxer
- Wingays
## Get start with
```
$ git clone https://github.com/Pari-Malam/CVE-2023-2732
$ cd CVE-2023-2732
$ pip/pip3 install -r requirements.txt
$ python/python3 mstore.py
```
## Footprints Notes
- By using this tool, you agree that you are using it for educational purposes only and that you will not use it for any illegal activity. You also agree to bear all risks associated with the use of this tool. I will not be responsible for direct or indirect damage caused by the use of this tool. Don't suyyyyyyyyyyyyyyyyyyyy me!
## Author
- Pari Malam
## Contacts
[![Telegram](https://img.shields.io/badge/-Telegram-blue)](https://telegram.me/SurpriseMTFK)
[![Discord](https://img.shields.io/badge/-Discord-purple)](https://discordapp.com/users/829404192585678858)
File Snapshot

 [4.0K]  /data/pocs/ad4ebe1b79b5975e8934a6bb963936d79ed6a59c
├── [4.0K]  lib
│   └── [390K]  ua.txt
├── [9.8K]  mstore.py
├── [1.3K]  README.md
├── [  34]  requirements.txt
└── [4.0K]  Results
    └── [1.1K]  w00t.txt

2 directories, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →