3 matches found
CVE-2023-3077
CVE-2023-3077 affects the MStore API WordPress plugin prior to version 3.9.8. The vulnerability is a Blind SQL injection in which the product_id parameter is not sanitized/escaped before being used in a SQL statement, and it is exploitable by unauthenticated users. Public details indicate exploit...
CVE-2023-3077 MStore API < 3.9.8 - Unauthenticated Blind SQLi
The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, an...
CVE-2023-3077 MStore API < 3.9.8 - Unauthenticated Blind SQLi
The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, an...