331 matches found
WordPress MStore API plugin <= 4.14.7 - Authentication Bypass vulnerability
Authentication Bypass vulnerability discovered by Truoc Phan in WordPress Plugin MStore API versions = 4.14.7...
WordPress MStore API Plugin <= 4.14.7 is vulnerable to Broken Authentication
Software MStore API Type Plugin Vulnerable versions = 4.14.7 Fixed in 4.15.0 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-6328 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID eb61c3a933bb Credits Truoc Phan...
WordPress plugin MStore API security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
VulnCheck KEV: CVE-2023-2732
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated...
MStore API < 4.10.2 - Cross-Site Request Forgery
Description The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 4.10.2 exclusive. This is due to missing or incorrect nonce validation in the templates/admin/mstore-api-admin-dashboard.php file. This makes it possible for unauthenticated attackers...
CVE-2023-50878
Cross-Site Request Forgery CSRF vulnerability in InspireUI MStore API.This issue affects MStore API: from n/a through 4.10.1...
CVE-2023-50878
Cross-Site Request Forgery CSRF vulnerability in InspireUI MStore API.This issue affects MStore API: from n/a through 4.10.1...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in InspireUI MStore API.This issue affects MStore API: from n/a through 4.10.1...
CVE-2023-50878 WordPress MStore API Plugin <= 4.10.1 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in InspireUI MStore API.This issue affects MStore API: from n/a through 4.10.1...
CVE-2023-50878
CVE-2023-50878 concerns a CSRF vulnerability in InspireUI MStore API. The connected Red Hat entry confirms a Cross-Site Request Forgery affecting the MStore API up to version 4.10.1. The initial and connected documents do not provide technical details about the root cause beyond CSRF, affected co...
CVE-2023-50878 WordPress MStore API Plugin <= 4.10.1 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in InspireUI MStore API.This issue affects MStore API: from n/a through 4.10.1...
WordPress Plugin MStore API Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
WordPress MStore API Plugin <= 4.10.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software MStore API Type Plugin Vulnerable versions = 4.10.1 Fixed in 4.10.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-50878 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID f4e7104141c9 Credits Mika Required privileg...
MStore API < 4.0.7 - Subscriber+ SQLi
Description The plugin does not properly sanitise and escape some parameters before using them in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers...
CVE-2023-45055
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in InspireUI MStore API allows SQL Injection.This issue affects MStore API: from n/a through 4.0.6...
CVE-2023-45055
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in InspireUI MStore API allows SQL Injection.This issue affects MStore API: from n/a through 4.0.6...
Sql injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in InspireUI MStore API allows SQL Injection.This issue affects MStore API: from n/a through 4.0.6...
CVE-2023-45055 WordPress MStore API Plugin <= 4.0.6 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in InspireUI MStore API allows SQL Injection.This issue affects MStore API: from n/a through 4.0.6...
CVE-2023-45055 WordPress MStore API Plugin <= 4.0.6 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in InspireUI MStore API allows SQL Injection.This issue affects MStore API: from n/a through 4.0.6...
CVE-2023-45055
CVE-2023-45055 is a SQL injection in WordPress/MStore API (InspireUI MStore API) plugin