Critical severity9.8NVD Advisory· Published Jun 7, 2023· Updated Apr 8, 2026
CVE-2020-36713
CVE-2020-36713
Description
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.1.5. This is due to unrestricted access to the 'register' and 'update_user_profile' routes. This makes it possible for unauthenticated attackers to create new administrator accounts, delete existing administrator accounts, or escalate privileges on any account.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
3- blog.nintechnet.com/critical-vulnerability-fixed-in-wordpress-mstore-api-plugin/nvdExploit
- www.acunetix.com/vulnerabilities/web/wordpress-plugin-mstore-api-security-bypass-2-1-5/nvdThird Party Advisory
- www.wordfence.com/threat-intel/vulnerabilities/id/934c3ce9-cf2d-4bf6-9a34-f448cb2e5a1dnvdThird Party Advisory
News mentions
0No linked articles in our index yet.