CVE-2021-47933
CRITICAL NVDCVSS Score
9.8
Severity
CRITICAL
Source
NVD
Published
May 10, 2026
Description
WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API endpoint. Attackers can upload PHP files with arbitrary names to the config_file endpoint to achieve remote code execution on the server.