CVE-2023-2732 Scanner

The Inspireui MStore API plugin for WordPress is a powerful tool used for connecting mobile apps with WooCommerce stores. This plugin is designed to make the process of building and managing online stores easier, faster and more efficient. The MStore API plugin enables developers and business owners to connect their WooCommerce store with a mobile app that can be accessed by their customers on different devices.

However, recently this popular plugin has been found to have a serious vulnerability flaw with the CVE-2023-2732 code. The vulnerability has been discovered in the authentication system of the plugin which can be easily bypassed, and it allows attackers to log in as any existing user on the site if they have access to their user id. The vulnerability is present in plugin versions up to and including 3.9.2.

This vulnerability can cause serious damage to a website if exploited by attackers. Hackers can gain access to sensitive information stored on the website such as usernames and passwords. The attackers can also execute malicious code and compromise the security of the website with little to no resistance.

Thanks to the pro features of the securityforeveryone.com platform, website owners can easily and quickly learn about vulnerabilities in their digital assets. The platform provides comprehensive information about cyber threats in real-time, empowering businesses and website owners to take action proactively and prevent potential damage. By leveraging the free vulnerability scanner feature, website owners can use the platform to scan and identify weaknesses in their website's security. 

REFERENCES

• https://plugins.trac.wordpress.org/browser/mstore-api/tags/3.9.0/controllers/listing-rest-api/class.api.fields.php#L1079
• https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2916124%40mstore-api&old=2915729%40mstore-api&sfp_email=&sfph_mail=#file58
• https://www.wordfence.com/threat-intel/vulnerabilities/id/f00761a7-fe24-49a3-b3e3-a471e05815c1?source=cve