CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

331 matches found

CNNVD•added 2023/11/06 12:0 a.m.•2 views

WordPress Plugin mstore-api SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

9.8CVSS7.7AI score0.0055EPSS

Exploits0References2

Positive Technologies•added 2023/11/06 12:0 a.m.•2 views

PT-2023-29374 · Inspireui · Inspireui Mstore Api

Name of the Vulnerable Software and Affected Versions: InspireUI MStore API versions 4.0.6 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...

9.8CVSS9.1AI score0.0055EPSS

Exploits0References5

Patchstack•added 2023/11/06 12:0 a.m.•7 views

WordPress MStore API Plugin <= 4.10.7 is vulnerable to Privilege Escalation

Software MStore API Type Plugin Vulnerable versions = 4.10.7 Fixed in 4.10.8 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-3277 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 30d740e716a7 Credits Truoc Phan ...

9.8CVSS6.6AI score0.02888EPSS

Exploits0References3Affected Software1

OSV•added 2023/11/03 12:15 p.m.•1 views

CVE-2023-3277

The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user's...

9.8CVSS5.8AI score0.02888EPSS

Exploits0References2

NVD•added 2023/11/03 12:15 p.m.•10 views

CVE-2023-3277

9.8CVSS9AI score0.02888EPSS

Exploits0References3

Prion•added 2023/11/03 12:15 p.m.•14 views

Input validation

7.5CVSS8.7AI score0.02888EPSS

Exploits0References2Affected Software1

Cvelist•added 2023/11/03 11:29 a.m.•42 views

CVE-2023-3277 MStore API <= 4.10.7 - Unauthorized Account Access and Privilege Escalation

9.8CVSS9.1AI score0.02888EPSS

Exploits0References3

CVE•added 2023/11/03 11:29 a.m.•100 views

CVE-2023-3277

CVE-2023-3277 affects the WordPress MStore API plugin (versions

9.8CVSS7.2AI score0.02888EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2023/11/03 11:29 a.m.•4 views

CVE-2023-3277 MStore API <= 4.10.7 - Unauthorized Account Access and Privilege Escalation

9.8CVSS7.2AI score0.02888EPSS

Exploits0References3

CNNVD•added 2023/11/03 12:0 a.m.•2 views

WordPress Plugin MStore API Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

9.8CVSS6.7AI score0.02888EPSS

Exploits0References3

Patchstack•added 2023/10/03 12:0 a.m.•12 views

WordPress MStore API Plugin <= 4.0.6 is vulnerable to SQL Injection

Software MStore API Type Plugin Vulnerable versions = 4.0.6 Fixed in 4.0.7 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-45055 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 62679b9fbc47 Credits Truoc Phan Required privilege Subscriber Published 3...

9.8CVSS6.8AI score0.0055EPSS

Exploits0References2Affected Software1

OSV•added 2023/07/12 5:15 a.m.•4 views

CVE-2023-3199

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstoreupdatestatusordertitle function. This makes it possible for unauthenticated attackers to update status order title via a forged request granted they can trick a site...

4.3CVSS7.2AI score

Exploits0References3

OSV•added 2023/07/12 5:15 a.m.•2 views

CVE-2023-3202

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstoreupdatefirebaseserverkey function. This makes it possible for unauthenticated attackers to update the firebase server key to push notification when order status changed via ...

4.3CVSS5.7AI score0.00293EPSS

Exploits0References3

NVD•added 2023/07/12 5:15 a.m.•17 views

CVE-2023-3202

4.3CVSS4.3AI score0.00293EPSS

Exploits0References3

NVD•added 2023/07/12 5:15 a.m.•20 views

CVE-2023-3199

4.3CVSS4.3AI score0.00295EPSS

Exploits0References3

Prion•added 2023/07/12 5:15 a.m.•23 views

Cross site request forgery (csrf)

4.3CVSS4.4AI score0.00295EPSS

Exploits0References3Affected Software1

Prion•added 2023/07/12 5:15 a.m.•13 views

Cross site request forgery (csrf)

4.3CVSS4.4AI score0.00293EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2023/07/12 4:38 a.m.•11 views

CVE-2023-3202 MStore API <= 3.9.6 - Cross-Site Request Forgery to Firebase Server Key Update

4.3CVSS6.5AI score0.00293EPSS

Exploits0References3

Cvelist•added 2023/07/12 4:38 a.m.•31 views

CVE-2023-3202 MStore API <= 3.9.6 - Cross-Site Request Forgery to Firebase Server Key Update

4.3CVSS4.7AI score0.00293EPSS

Exploits0References3

CVE•added 2023/07/12 4:38 a.m.•52 views

CVE-2023-3202

CVE-2023-3202: The MStore API WordPress plugin is vulnerable to CSRF due to missing nonce validation on mstore_update_firebase_server_key, enabling unauthenticated attackers to alter the Firebase server key and push notifications when an order status changes via forged requests. Impact is limited...

4.3CVSS4.7AI score0.00293EPSS

Exploits0References3Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by