4 matches found
CVE-2023-3203
CVE-2023-3203 affects the WordPress plugin MStore API (versions
CVE-2023-3203 MStore API <= 3.9.6 - Cross-Site Request Forgery to Product Limit Update
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstoreupdatelimitproduct function. This makes it possible for unauthenticated attackers to update limit the number of product per category to use cache data in home screen via a...
CVE-2023-3203 MStore API <= 3.9.6 - Cross-Site Request Forgery to Product Limit Update
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstoreupdatelimitproduct function. This makes it possible for unauthenticated attackers to update limit the number of product per category to use cache data in home screen via a...
MStore API < 3.9.7 - Multiple CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as Order Status Update, Order Title Update, Product Limit Update, Order Message Update, and Firebase Server Key Update...