Lucene search
HistoryJul 10, 2023 - 4:15 p.m.
CVE-2023-3131
cve-2023-3131
ajax actions
privilege checks
nonce checks
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
23.1%
The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both.
Affected configurations
Node
inspireuimstore_apiRange<3.9.7wordpress
Related
prion
prion
Privilege escalation
2023-07-10 16:15:00
cvelist
cvelist
CVE-2023-3131 MStore API < 3.9.7 - Subscriber+ Unauthorized Settings Update
2023-07-10 12:41:17
cve
cve
CVE-2023-3131
2023-07-10 16:15:55
wpvulndb
wpvulndb
MStore API < 3.9.7 - Subscriber+ Unauthorized Settings Update
2023-06-19 00:00:00
wpexploit
wpexploit
MStore API < 3.9.7 - Subscriber+ Unauthorized Settings Update
2023-06-19 00:00:00
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
23.1%
Related for NVD:CVE-2023-3131