Critical severity9.8NVD Advisory· Published Nov 3, 2023· Updated Apr 8, 2026

CVE-2023-3277

Description

The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user's email address.

Affected products

Inspireui/Mstore Api
cpe:2.3:a:inspireui:mstore_api:*:*:*:*:*:wordpress:*:*
Range: <=4.10.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.wordfence.com/threat-intel/vulnerabilities/id/1c7c0c35-5f44-488f-9fe1-269ea4a73854nvdThird Party Advisory
plugins.trac.wordpress.org/browser/mstore-api/trunk/controllers/flutter-user.phpnvdProduct
plugins.trac.wordpress.org/changesetnvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.038
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000