7 matches found
EUVD-2023-43880
Malicious code in bioql PyPI...
CVE-2023-3202
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstoreupdatefirebaseserverkey function. This makes it possible for unauthenticated attackers to update the firebase server key to push notification when order status changed via ...
CVE-2023-3202
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstoreupdatefirebaseserverkey function. This makes it possible for unauthenticated attackers to update the firebase server key to push notification when order status changed via ...
Cross site request forgery (csrf)
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstoreupdatefirebaseserverkey function. This makes it possible for unauthenticated attackers to update the firebase server key to push notification when order status changed via ...
CVE-2023-3202 MStore API <= 3.9.6 - Cross-Site Request Forgery to Firebase Server Key Update
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstoreupdatefirebaseserverkey function. This makes it possible for unauthenticated attackers to update the firebase server key to push notification when order status changed via ...
CVE-2023-3202
CVE-2023-3202: The MStore API WordPress plugin is vulnerable to CSRF due to missing nonce validation on mstore_update_firebase_server_key, enabling unauthenticated attackers to alter the Firebase server key and push notifications when an order status changes via forged requests. Impact is limited...
MStore API < 3.9.7 - Multiple CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as Order Status Update, Order Title Update, Product Limit Update, Order Message Update, and Firebase Server Key Update...