3 matches found
CVE-2023-3209
The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both...
CVE-2023-3209
CVE-2023-3209 affects the MStore API WordPress plugin prior to version 3.9.7, where many AJAX actions lack proper privilege checks and nonce validation, enabling unauthorized changes to settings (CSRF). Multiple sources corroborate an upstream issue that allows privilege escalation via crafted re...
CVE-2023-3209 MStore API < 3.9.7 - Settings Update via CSRF
The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both...