cleantalk
Vulnerabilities and Security Researches

MStore API, CVE-2021-47933

CVE, Research URL

CVE-2021-47933

Home page URL

Security reports for MStore API

Application

MStore API

Published on
May 10, 2026
Research Description
WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API endpoint. Attackers can upload PHP files with arbitrary names to the config_file endpoint to achieve remote code execution on the server.
Affected versions
max 2.0.6.
Status
vulnerable
Previous vulnerability researches
MStore API (CVE-2024-6328) , Jul 12, 2024
MStore API (CVE-2024-12042) , Dec 15, 2024
MStore API (CVE-2024-7628) , Aug 16, 2024
MStore API (CVE-2025-3438) , May 04, 2025
MStore API (CVE-2026-3568) , Apr 13, 2026
New vulnerability
BJ Lazy Load (CVE-2026-2300) , May 13, 2026
WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress (CVE-2021-47941) , May 13, 2026
WP SEO Structured Data Schema (CVE-2026-3604) , May 13, 2026
WP Data Access (CVE-2026-42665) , May 13, 2026
Asset CleanUp: Page Speed Booster (CVE-2026-45212) , May 13, 2026