5 matches found
CVE-2023-3077
The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, an...
Sql injection
The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, an...
CVE-2023-3077 MStore API < 3.9.8 - Unauthenticated Blind SQLi
The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, an...
CVE-2023-3077 MStore API < 3.9.8 - Unauthenticated Blind SQLi
The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, an...
PT-2023-22967 ยท WordPress ยท Mstore Apiย +1
Name of the Vulnerable Software and Affected Versions: MStore API WordPress plugin versions prior to 3.9.8 Description: The issue is related to a Blind SQL injection that can be exploited by unauthenticated users. This occurs because a parameter is not properly sanitised and escaped before being...