Lucene search
HistoryJul 10, 2023 - 4:15 p.m.
CVE-2023-3209
cve-2023-3209
mstore api
wordpress
security
vulnerability
ajax
privilege checks
nonce checks
3.5 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
4.1 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
23.3%
The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both.
Affected configurations
Node
inspireuimstore_apiRange<3.9.7wordpress
Related
cve
cve
CVE-2023-3209
2023-07-10 16:15:55
prion
prion
Privilege escalation
2023-07-10 16:15:00
cvelist
cvelist
CVE-2023-3209 MStore API < 3.9.7 - Settings Update via CSRF
2023-07-10 12:41:04
wpvulndb
wpvulndb
MStore API < 3.9.7 - Subscriber+ Unauthorized Settings Update
2023-06-19 00:00:00
wpexploit
wpexploit
MStore API < 3.9.7 - Subscriber+ Unauthorized Settings Update
2023-06-19 00:00:00
3.5 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
4.1 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
23.3%
Related for NVD:CVE-2023-3209