331 matches found

CVE
added 2023/07/10 12:41 p.m. · 2487 views

CVE-2023-3209

CVE-2023-3209 affects the MStore API WordPress plugin prior to version 3.9.7, where many AJAX actions lack proper privilege checks and nonce validation, enabling unauthorized changes to settings (CSRF). Multiple sources corroborate an upstream issue that allows privilege escalation via crafted re...

CVSS 3.5 · AI score 4.1 · EPSS 0.00234
Exploits 2 · References 1 · Affected Software 1

Vulnrichment
added 2023/07/10 12:40 p.m. · 11 views

CVE-2023-3077 MStore API < 3.9.8 - Unauthenticated Blind SQLi

The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, an...

AI score 7.4 · EPSS 0.04873
Exploits 2 · References 1

Cvelist
added 2023/07/10 12:40 p.m. · 19 views

CVE-2023-3077 MStore API < 3.9.8 - Unauthenticated Blind SQLi

The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, an...

AI score 10 · EPSS 0.04873
Exploits 2 · References 1

CVE
added 2023/07/10 12:40 p.m. · 2523 views

CVE-2023-3077

CVE-2023-3077 affects the MStore API WordPress plugin prior to version 3.9.8. The vulnerability is a Blind SQL injection in which the product_id parameter is not sanitized/escaped before being used in a SQL statement, and it is exploitable by unauthenticated users. Public details indicate exploit...

CVSS 9.8 · AI score 9.8 · EPSS 0.04873
Exploits 2 · References 1 · Affected Software 1

CVE
added 2023/07/10 12:40 p.m. · 2507 views

CVE-2023-3076

CVE-2023-3076 affects the MStore API WordPress plugin (pre-3.9.9). The wholesale REST API endpoint allows unauthenticated visitors to create user accounts with a role of their choice, enabling privilege escalation, and this attack is conditioned on the site owner purchasing pro features. The NVD/...

CVSS 9.8 · AI score 9.5 · EPSS 0.01728
Exploits 2 · References 1 · Affected Software 1

Cvelist
added 2023/07/10 12:40 p.m. · 24 views

CVE-2023-3076 MStore API < 3.9.9 - Unauthenticated Privilege Escalation

The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the site owner paid to access the plugin's pro features...

AI score 9.6 · EPSS 0.01728
Exploits 2 · References 1

CNNVD
added 2023/07/10 12:00 a.m. · 3 views

WordPress plugin MStore API cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVSS 3.5 · AI score 5 · EPSS 0.00234
Exploits 2 · References 2

CNNVD
added 2023/07/10 12:00 a.m. · 2 views

WordPress plugin MStore API security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 9.8 · AI score 8.4 · EPSS 0.01728
Exploits 2 · References 2

CNNVD
added 2023/07/10 12:00 a.m. · 4 views

WordPress plugin MStore API SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...

CVSS 9.8 · AI score 8.6 · EPSS 0.04873
Exploits 2 · References 2

CNNVD
added 2023/07/10 12:00 a.m. · 4 views

WordPress plugin MStore API security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 4.3 · AI score 5.1 · EPSS 0.00507
Exploits 2 · References 2

Positive Technologies
added 2023/07/10 12:00 a.m. · 3 views

PT-2023-22960 · WordPress · Mstore Api

The MStore API WordPress plugin, specifically versions before 3.9.9, is affected by a security issue that allows visitors to create user accounts with a role of their choice via the wholesale REST API endpoint. This issue is only exploitable if the site owner has paid to access the plugin's pro...

CVSS 9.8 · AI score 9.6 · EPSS 0.01728
Exploits 2 · References 12

Positive Technologies
added 2023/07/10 12:00 a.m. · 2 views

PT-2023-23290 · WordPress · Mstore Api

Name of the Vulnerable Software and Affected Versions: MStore API WordPress plugin versions prior to 3.9.7
Description: The issue concerns the MStore API WordPress plugin, which does not implement sufficient security measures for its AJAX actions. Specifically, it lacks privilege checks, nonce...

CVSS 4.3 · AI score 4.6 · EPSS 0.00507
Exploits 2 · References 4

Positive Technologies
added 2023/07/10 12:00 a.m. · 5 views

PT-2023-22967 · WordPress · Mstore Api +1

Name of the Vulnerable Software and Affected Versions: MStore API WordPress plugin versions prior to 3.9.8
Description: The issue is related to a Blind SQL injection that can be exploited by unauthenticated users. This occurs because a parameter is not properly sanitised and escaped before being...

CVSS 9.8 · AI score 9.7 · EPSS 0.04873
Exploits 2 · References 3

Patchstack
added 2023/06/26 12:00 a.m. · 14 views

WordPress MStore API Plugin <= 4.0.1 is vulnerable to SQL Injection

Software: MStore API · Type: Plugin · Vulnerable versions: <= 4.0.1 · Fixed in: 4.0.2 · OWASP Top 10: A1: Injection · Classification: SQL Injection · CVE: CVE-2023-3197 · Patch priority: High · CVSS severity: High 9.8 · PSID: 7aeff12fe9e3 · Credits: Truoc Phan / An Đặng · Required privilege: Unauthenticat...

CVSS 9.8 · AI score 6.8 · EPSS 0.03499
Exploits 0 · References 3 · Affected Software 1

OSV
added 2023/06/24 3:15 a.m. · 1 view

CVE-2023-3197

The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id' parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible...

CVSS 9.8 · AI score 7.3 · EPSS 0.03499
Exploits 0 · References 2

NVD
added 2023/06/24 3:15 a.m. · 12 views

CVE-2023-3197

The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id' parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible...

CVSS 9.8 · AI score 9.7 · EPSS 0.03499
Exploits 0 · References 2

Prion
added 2023/06/24 3:15 a.m. · 22 views

SQL injection

The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id' parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible...

CVSS 7.5 · AI score 9.5 · EPSS 0.03499
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2023/06/24 2:00 a.m. · 7 views

CVE-2023-3197 MStore API <= 4.0.1 - Unauthenticated SQL Injection

The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id' parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible...

CVSS 9.8 · AI score 7.2 · EPSS 0.03499
Exploits 0 · References 2

Cvelist
added 2023/06/24 2:00 a.m. · 43 views

CVE-2023-3197 MStore API <= 4.0.1 - Unauthenticated SQL Injection

The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id' parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible...

CVSS 9.8 · AI score 9.8 · EPSS 0.03499
Exploits 0 · References 2

CVE
added 2023/06/24 2:00 a.m. · 66 views

CVE-2023-3197

The CVE-2023-3197 entry concerns the WordPress MStore API plugin (

CVSS 9.8 · AI score 9.6 · EPSS 0.03499
Exploits 0 · References 2 · Affected Software 1