WordPress plugin MStore API SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerability exist...

PT-2023-23546

Name of the Vulnerable Software and Affected Versions MStore API plugin for WordPress versions up to, and including, 4.0.1 Description The issue allows unauthenticated attackers to perform Blind SQL Injection via the id parameter due to insufficient escaping on user-supplied parameters and lack o...

CVE-2022-47614

Unauth. SQL Injection SQLi vulnerability in InspireUI MStore API plugin = 3.9.7 versions...

CVE-2022-47614

Unauth. SQL Injection SQLi vulnerability in InspireUI MStore API plugin = 3.9.7 versions...

Sql injection

Unauth. SQL Injection SQLi vulnerability in InspireUI MStore API plugin = 3.9.7 versions...

CVE-2022-47614 WordPress MStore API Plugin <= 3.9.7 is vulnerable to SQL Injection

Unauth. SQL Injection SQLi vulnerability in InspireUI MStore API plugin = 3.9.7 versions...

CVE-2022-47614

CVE-2022-47614 : Unauth. SQL Injection in the InspireUI MStore API WordPress plugin, affected versions

CVE-2022-47614 WordPress MStore API Plugin <= 3.9.7 is vulnerable to SQL Injection

Unauth. SQL Injection SQLi vulnerability in InspireUI MStore API plugin = 3.9.7 versions...

WordPress plugin MStore API SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

PT-2023-15437 · Inspireui · Inspireui Mstore Api Plugin

Name of the Vulnerable Software and Affected Versions: InspireUI MStore API plugin versions prior to 3.9.8 Description: The issue is related to an unauthorized SQL Injection vulnerability in the InspireUI MStore API plugin. Recommendations: For versions prior to 3.9.8, update to version 3.9.8 or...

MStore API < 3.9.8 - Unauthenticated SQL Injection

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...

MStore API < 4.0.2 - Unauthenticated SQL Injection

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

VulnCheck KEV: CVE-2023-3277

The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user's...

MStore API < 3.9.9 - Unauthenticated Privilege Escalation

The plugin does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the site owner paid to access the plugin's pro features. 1 Simulate the site has a valid Pro API key by running the following in WP CLI...

MStore API < 3.9.8 - Unauthenticated Blind SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, and uses the woocommerce-appointment...

WordPress MStore API Plugin <= 3.9.7 is vulnerable to SQL Injection

Software MStore API Type Plugin Vulnerable versions = 3.9.7 Fixed in 3.9.8 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-47614 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID d5e39e167dd4 Credits Lucio Sá Required privilege Unauthenticated Publishe...

MStore API < 3.9.8 - Unauthenticated Blind SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, and uses the woocommerce-appointment...

MStore API < 3.9.7 - Subscriber+ Unauthorized Settings Update

The plugin does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both. PoC Make sure the site also has WooCommerce installed and activated, then, while logged-in as a subscriber, visit the following URLs: -...

MStore API < 3.9.7 - Subscriber+ Unauthorized Settings Update

The plugin does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both. Make sure the site also has WooCommerce installed and activated, then, while logged-in as a subscriber, visit the following URLs: -...

MStore API < 3.9.9 - Unauthenticated Privilege Escalation

The plugin does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the site owner paid to access the plugin's pro features. PoC 1 Simulate the site has a valid Pro API key by running the following in WP...