2 matches found
CVE-2023-3201
CVE-2023-3201 – MStore API (WordPress) : CSRF due to missing nonce validation in mstore_update_new_order_title. Unauthenticated attackers can forge requests to update new order titles by tricking an admin. Affected versions:
WordPress MStore API Plugin <= 3.9.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software MStore API Type Plugin Vulnerable versions = 3.9.6 Fixed in 3.9.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3201 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID abb15f86de6f Credits Truoc Phan Required...