{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/mstore-api-plugin-for-wordpress/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2021-47933"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["MStore API plugin for WordPress"],"_cs_severities":["critical"],"_cs_tags":["cve","wordpress","file upload","remote code execution"],"_cs_type":"advisory","_cs_vendors":["WordPress"],"content_html":"\u003cp\u003eCVE-2021-47933 describes an arbitrary file upload vulnerability affecting the MStore API plugin for WordPress, version 2.0.6 and earlier. Unauthenticated attackers can exploit this vulnerability by sending crafted POST requests to the REST API endpoint. Successful exploitation allows the attacker to upload arbitrary files, including PHP scripts, which can then be executed on the server, leading to complete system compromise. This vulnerability poses a significant risk to websites using the affected plugin, as it provides a straightforward path for attackers to gain initial access and establish a persistent foothold. The vulnerability was reported by VulnCheck on May 10, 2026.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a WordPress site using the MStore API plugin version 2.0.6 or earlier.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious POST request targeting the \u003ccode\u003e/wp-json/mstore/v1/config_file\u003c/code\u003e REST API endpoint.\u003c/li\u003e\n\u003cli\u003eThe POST request includes a file upload with a PHP file containing malicious code.\u003c/li\u003e\n\u003cli\u003eThe attacker names the PHP file with an arbitrary name.\u003c/li\u003e\n\u003cli\u003eThe server saves the uploaded PHP file to a publicly accessible directory.\u003c/li\u003e\n\u003cli\u003eThe attacker sends an HTTP request to the uploaded PHP file\u0026rsquo;s URL.\u003c/li\u003e\n\u003cli\u003eThe web server executes the PHP code within the uploaded file.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves remote code execution on the server, enabling further malicious activities like installing backdoors, data exfiltration, or defacement.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2021-47933 allows unauthenticated attackers to achieve remote code execution on the affected WordPress server. This could lead to complete compromise of the website, including data theft, defacement, or use of the server as a launching point for other attacks. Given the wide usage of WordPress and its plugins, this vulnerability could potentially affect thousands of websites if left unpatched. The CVSS v3.1 base score for this vulnerability is 9.8, indicating a critical severity level.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the MStore API plugin to a version later than 2.0.6 to patch CVE-2021-47933.\u003c/li\u003e\n\u003cli\u003eImplement web application firewall (WAF) rules to block requests to the \u003ccode\u003e/wp-json/mstore/v1/config_file\u003c/code\u003e endpoint containing suspicious file uploads.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for POST requests to the \u003ccode\u003e/wp-json/mstore/v1/config_file\u003c/code\u003e endpoint and review any uploaded files for malicious content.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule to detect suspicious file uploads to the vulnerable endpoint.\u003c/li\u003e\n\u003cli\u003eRestrict file upload permissions on the WordPress server to prevent arbitrary file uploads, mitigating the impact of similar vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-10T13:18:59Z","date_published":"2026-05-10T13:18:59Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2021-47933-wordpress-file-upload/","summary":"WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability, allowing unauthenticated attackers to upload malicious files via POST requests to the REST API, leading to remote code execution.","title":"CVE-2021-47933 - WordPress MStore API Arbitrary File Upload","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2021-47933-wordpress-file-upload/"}],"language":"en","title":"CraftedSignal Threat Feed — MStore API Plugin for WordPress","version":"https://jsonfeed.org/version/1.1"}