PatchSiren cyber security CVE debrief

CVE-2021-47933 WordPress plugin (MStore API) CVE debrief

CVE-2021-47933 is a critical unauthenticated arbitrary file upload flaw in the MStore API WordPress plugin. The supplied record describes attackers POSTing attacker-controlled files, PHP included, to a REST API endpoint; on a typical PHP host that is a direct path to remote code execution as the web server user. The supplied NVD record maps the issue to CWE-306 (Missing Authentication for Critical Function), which describes why the endpoint is reachable without credentials; the upload of an executable file type is itself the CWE-434 (Unrestricted Upload of File with Dangerous Type) pattern, so expect both labels to apply. The record's references point to the plugin page plus external VulnCheck and Exploit-DB material. Treat this as an immediate patch-and-audit item for any exposed installation of the affected plugin version.

Vendor: WordPress (low-confidence field; the evidence points to the MStore API plugin, not WordPress core)
Product: Unknown (evidence indicates the MStore API plugin)
CVSS: CRITICAL 9.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-10
Original CVE updated: 2026-05-10
Advisory published: 2026-05-10
Advisory updated: 2026-05-10

Who should care

WordPress administrators, site owners, managed hosting providers, and incident responders responsible for sites running the MStore API plugin, in particular any site on version 2.0.6 and any site whose REST API is reachable from the internet (the WordPress REST API under /wp-json/ is enabled and publicly reachable by default).

Technical summary

According to the supplied CVE description, MStore API 2.0.6 contains an arbitrary file upload vulnerability reachable by unauthenticated POST requests to a REST API endpoint. The record says an attacker can upload PHP files with arbitrary names through the config_file endpoint; if the file lands in a web-accessible directory where PHP is executed, a single GET to that file yields remote code execution as the web server user. The NVD source item classifies the weakness as CWE-306 (Missing Authentication for Critical Function) and scores it as network-exploitable with no privileges or user interaction required. The upload behaviour itself is the CWE-434 pattern (unrestricted upload of a dangerous file type); the CWE-306 mapping captures the missing authentication that makes it reachable.

Defensive priority

Immediate

Recommended defensive actions

  • Identify whether the MStore API WordPress plugin is installed anywhere in your environment and confirm the exact version in use (the Version: line in the plugin's main PHP file header, or the Plugins screen).
  • If version 2.0.6 is present, or the version cannot be confirmed quickly, disable or remove the plugin until a vendor fix is verified. The supplied evidence names no fixed version, so do not assume a newer version number is safe without checking the vendor changelog.
  • Restrict and monitor access to WordPress REST API endpoints, especially any endpoint related to file upload or configuration handling; block them at the web server or WAF for unauthenticated clients until the plugin is confirmed fixed.
  • Review web server and application logs for unexpected POSTs to REST endpoints and for new PHP files under wp-content/uploads or other writable paths. A PHP file in an uploads directory is a strong indicator of compromise on its own.
  • Validate server-side file upload controls: allowlist extensions, inspect content rather than trusting the filename, and configure the web server so nothing under web-accessible upload directories is executed as PHP.
  • If compromise is suspected, isolate the host, collect forensic evidence (web logs, the uploaded file, its timestamps), and rotate any credentials or secrets that may have been exposed on the server, including the database credentials and salts in wp-config.php and any API keys the plugin stores.
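The version check, log review and upload validation described in the summary and the actions above, as an added example: this is triage code written for this debrief, not code from PatchSiren, from the MStore API plugin, or from any published exploit. It assumes the vulnerable route lives under the default /wp-json/ REST prefix and contains the token config_file (the debrief names the endpoint but not its full route), the log lines and plugin header are constructed samples, and the extension lists are this author's choice rather than anything the record specifies.

```python
"""Triage helpers for the CVE-2021-47933 debrief.

Added example, not code from PatchSiren or from the MStore API plugin.
Anything marked ASSUMPTION is not stated in the supplied record.
"""
import re
from pathlib import Path
from typing import Iterable, Optional

AFFECTED_VERSION = "2.0.6"  # the only version the supplied record names

# WordPress plugin headers carry a "Version:" line in the main PHP file's comment block.
_HEADER_VERSION_RE = re.compile(r"^\s*\*?\s*Version:\s*(\S+)", re.MULTILINE)


def plugin_version_from_header(header_text: str) -> Optional[str]:
    """Extract the version from a plugin file header; None if absent."""
    m = _HEADER_VERSION_RE.search(header_text)
    return m.group(1) if m else None


def is_known_affected(version: Optional[str]) -> bool:
    """True only for the version the record names. No fixed version is in the
    supplied evidence, so any other value means 'unconfirmed', not 'safe'."""
    return version == AFFECTED_VERSION


# Apache/nginx combined log format.
_CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# ASSUMPTION: the debrief names a "config_file" endpoint under the REST API but
# not its full route, so match any /wp-json/ path containing that token.
_SUSPECT_PATH_RE = re.compile(r"^/wp-json/.*config_file", re.IGNORECASE)


def suspicious_upload_requests(log_lines: Iterable[str]) -> list[dict]:
    """Return POSTs to the suspect endpoint, parsed from combined-format lines."""
    hits = []
    for line in log_lines:
        m = _CLF_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if _SUSPECT_PATH_RE.search(m["path"]):
            hits.append({"ip": m["ip"], "time": m["ts"],
                         "path": m["path"], "status": int(m["status"])})
    return hits


# Suffixes PHP handlers commonly execute; none belongs under wp-content/uploads.
EXECUTABLE_SUFFIXES = {".php", ".phtml", ".php3", ".php4", ".php5", ".php7", ".phar"}
IMAGE_ALLOWLIST = {".jpg", ".jpeg", ".png", ".gif", ".webp"}  # ASSUMPTION: example policy


def executable_files(paths: Iterable[str]) -> list[str]:
    """Keep paths with an executable suffix anywhere in the name, so that
    shell.php and shell.php.jpg (executed by some AddHandler setups) both match."""
    flagged = []
    for p in paths:
        suffixes = {s.lower() for s in Path(p).suffixes}
        if suffixes & EXECUTABLE_SUFFIXES:
            flagged.append(p)
    return sorted(flagged)


def scan_uploads_dir(root: Path) -> list[str]:
    """Walk a real uploads directory and apply executable_files()."""
    rel = (str(p.relative_to(root)) for p in root.rglob("*") if p.is_file())
    return executable_files(rel)


def upload_rejection_reason(filename: str, head: bytes) -> Optional[str]:
    """Server-side upload check: allowlist the final extension, refuse any
    executable suffix anywhere in the name, and refuse content that looks like
    PHP regardless of name. Returns None when the upload is acceptable."""
    name = Path(filename).name  # drop any directory component (../ tricks)
    suffixes = [s.lower() for s in Path(name).suffixes]
    if not suffixes or suffixes[-1] not in IMAGE_ALLOWLIST:
        return "extension not in allowlist"
    if set(suffixes) & EXECUTABLE_SUFFIXES:
        return "executable extension in filename"
    if b"<?php" in head or b"<?=" in head:
        return "PHP open tag in content"
    return None


if __name__ == "__main__":
    # Constructed sample data, not real logs or a real plugin header.
    header = "/*\n * Plugin Name: Example Plugin\n * Version: 2.0.6\n */"
    print("affected:", is_known_affected(plugin_version_from_header(header)))
    sample_log = [
        '203.0.113.5 - - [10/May/2026:12:00:01 +0000] "POST /wp-json/example-plugin/v1/config_file HTTP/1.1" 200 312',
        '198.51.100.7 - - [10/May/2026:12:00:02 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 9821',
    ]
    for hit in suspicious_upload_requests(sample_log):
        print("suspect POST:", hit)
    print(upload_rejection_reason("shell.php.jpg", b"GIF89a"))
```

Run scan_uploads_dir(Path("/var/www/html/wp-content/uploads")) on a real host to get the file list; the content check in upload_rejection_reason is the part the plugin's endpoint evidently lacked, and it is deliberately independent of the filename so a renamed PHP file is still refused.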

Evidence notes

This debrief is based on the supplied CVE description and the NVD source item published/modified on 2026-05-10. Supporting references in the corpus include the WordPress plugin page, a VulnCheck advisory, and an Exploit-DB entry. The supplied corpus does not include a fixed version or vendor remediation notice, so remediation guidance here is limited to containment and verification. The vendor field in the source data is low-confidence and needs review; the evidence most strongly indicates the MStore API WordPress plugin rather than WordPress core.

Official resources

The supplied NVD record shows the CVE published and modified on 2026-05-10. The corpus cites the WordPress plugin page along with VulnCheck and Exploit-DB references, indicating the issue was externally documented and then reflected in NVD.