What is CVE-2021-47933?

CVE-2021-47933 is a critical-severity vulnerability in Mstore Api, classified under Missing Authentication for Critical Function. CVSS score: 9.8/10. Published 2026-05-10.

How severe is CVE-2021-47933?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Auth bypass in Mstore Api

CVE-2021-47933

WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API endpoint. Attackers can upload PHP files with arbitrary nam…

Vulnerability class: Broken Authentication

EPSS: 0.002 (44.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Mstore Api — versions 2.0.6

Weakness classification (CWE)

CWE-306 — Missing Authentication for Critical Function

References

disclosure@vulncheck.com (exploit)
disclosure@vulncheck.com (product)
disclosure@vulncheck.com (third-party-advisory)

Frequently asked questions

What is CVE-2021-47933?: CVE-2021-47933 is a critical-severity vulnerability in Mstore Api, classified under Missing Authentication for Critical Function. CVSS score: 9.8/10. Published 2026-05-10.
How severe is CVE-2021-47933?: Critical severity. CVSS v3 base score is 9.8 out of 10.