[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f-QjNkF8JyzFdsFo7demLh_X5BL_4YgPT7CAfgA52MUY":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":9,"research_verified":22,"research_rounds_completed":23,"research_plan":9,"research_summary":9,"research_vulnerable_code":9,"research_fix_diff":9,"research_exploit_outline":9,"research_model_used":9,"research_started_at":9,"research_completed_at":9,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":22,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":22,"source_links":24},"CVE-2023-3076","mstore-api-unauthenticated-privilege-escalation","MStore API \u003C= 3.9.8 - Unauthenticated Privilege Escalation","The MStore API plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 3.9.8 due to insufficient restriction on roles supplied during registration through the \u002Fregister REST route. This allows unauthenticated attackers register as administrators.","mstore-api",null,"\u003C=3.9.8","3.9.9","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Incorrect Privilege Assignment","2023-06-19 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7d1cc8c4-6c14-4d0c-9420-02d709f88b2f?source=api-prod",218,[],false,0,{"type":25,"vulnerable_version":9,"fixed_version":9,"vulnerable_browse":9,"vulnerable_zip":9,"fixed_browse":9,"fixed_zip":9,"all_tags":26},"plugin","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fmstore-api\u002Ftags"]