LeakyCreds

CVE-2021-47933 - Vulnerability Analysis

Critical | CVSS: 9.8

Last Updated: May 10, 2026

WordPress MStore API - Unrestricted File Upload

Published: May 10, 2026 | Updated: May 10, 2026 | Remote Exploitable

Overview

WordPress MStore API 2.0.6 contains an unrestricted file upload vulnerability caused by lack of proper validation in the config_file REST API endpoint, letting unauthenticated attackers upload malicious PHP files and achieve remote code execution.

Severity & Score

Severity: Critical
CVSS Score: 9.8

Impact

Unauthenticated attackers can upload malicious files and execute arbitrary code on the server, leading to full server compromise.

Mitigation

Update to the latest version of WordPress MStore API that patches this vulnerability.

Details

CVE ID: CVE-2021-47933
Severity: Critical
CVSS Score: 9.8
Type: unrestricted_file_upload
Status: new

CWE

  • CWE-306

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H