Lucene search

[email protected]NVD:CVE-2023-3199

HistoryJul 12, 2023 - 5:15 a.m.

CVE-2023-3199

2023-07-1205:15:10

[email protected]

web.nvd.nist.gov

wordpress

mstore api

cross-site request forgery

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.6%

JSON

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_status_order_title function. This makes it possible for unauthenticated attackers to update status order title via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Affected configurations

NVD

Node

inspireuimstore_apiRange≤3.9.6wordpress

References

plugins.trac.wordpress.org/browser/mstore-api/trunk/mstore-api.php#L256

plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2925048%40mstore-api&new=2925048%40mstore-api&sfp_email=&sfph_mail=

www.wordfence.com/threat-intel/vulnerabilities/id/a604df5d-92b3-4df8-a7ef-00f0ee95cf0f?source=cve

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.6%

JSON

Related for NVD:CVE-2023-3199

cvelist1 prion1 cve1 wpvulndb1 wordfence1