CVE-2023-3199 MStore API <= 3.9.6 - Cross-Site Request Forgery to Order Title Update

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstoreupdatestatusordertitle function. This makes it possible for unauthenticated attackers to update status order title via a forged request granted they can trick a site...

CVE-2023-3199

CVE-2023-3199 affects the MStore API WordPress plugin. The vulnerability is a CSRF due to missing nonce validation in mstore_update_status_order_title, enabling unauthenticated attackers to forge requests to update status order titles if a site admin is tricked into actions. Publicly documented d...

CVE-2023-3199 MStore API <= 3.9.6 - Cross-Site Request Forgery to Order Title Update

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstoreupdatestatusordertitle function. This makes it possible for unauthenticated attackers to update status order title via a forged request granted they can trick a site...

PT-2023-23558 · WordPress · Mstore Api

Name of the Vulnerable Software and Affected Versions: MStore API plugin for WordPress affected versions not specified Description: The issue is related to Cross-Site Request Forgery due to missing nonce validation on the mstore update status order title function. This allows unauthenticated...

WordPress Plugin MStore API 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

WordPress Plugin MStore API 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists i...

CVE-2023-3209

The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both...

CVE-2023-3131

The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both...

CVE-2023-3209

The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both...

CVE-2023-3077

The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, an...

CVE-2023-3076

The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the site owner paid to access the plugin's pro features...

CVE-2023-3076

The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the site owner paid to access the plugin's pro features...

CVE-2023-3077

The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, an...

Sql injection

The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, an...

Privilege escalation

The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both...

CVE-2023-3131 MStore API < 3.9.7 - Subscriber+ Unauthorized Settings Update

The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both...

CVE-2023-3131 MStore API < 3.9.7 - Subscriber+ Unauthorized Settings Update

The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both...

CVE-2023-3131

CVE-2023-3131 affects the MStore API WordPress plugin prior to version 3.9.7. The vulnerability arises because most AJAX actions are not protected by privilege checks or nonce validation, enabling unauthorized actions such as modifying settings. Public references describe practical proof-of-conce...

CVE-2023-3209 MStore API < 3.9.7 - Settings Update via CSRF

The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both...

CVE-2023-3209 MStore API < 3.9.7 - Settings Update via CSRF

The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both...