Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:12 a.m.11 views

CVE-2023-3077

The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, an...

9.8CVSS7.5AI score0.05304EPSS
Exploits2References1
OSV
OSV
added 2023/07/10 4:15 p.m.4 views

CVE-2023-3077

The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, an...

9.8CVSS7.2AI score0.05304EPSS
Exploits2References1
NVD
NVD
added 2023/07/10 4:15 p.m.26 views

CVE-2023-3077

The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, an...

9.8CVSS9.9AI score0.05304EPSS
Exploits2References1
Prion
Prion
added 2023/07/10 4:15 p.m.20 views

Sql injection

The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, an...

7.5CVSS9.7AI score0.05304EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/07/10 12:40 p.m.34 views

CVE-2023-3077 MStore API < 3.9.8 - Unauthenticated Blind SQLi

The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, an...

10AI score0.05304EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/07/10 12:40 p.m.13 views

CVE-2023-3077 MStore API < 3.9.8 - Unauthenticated Blind SQLi

The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, an...

7.4AI score0.05304EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/07/10 12:0 a.m.6 views

PT-2023-22967 · WordPress · Mstore Api +1

Name of the Vulnerable Software and Affected Versions: MStore API WordPress plugin versions prior to 3.9.8 Description: The issue is related to a Blind SQL injection that can be exploited by unauthenticated users. This occurs because a parameter is not properly sanitised and escaped before being...

9.8CVSS9.7AI score0.05304EPSS
Exploits2References3
WPVulnDB
WPVulnDB
added 2023/06/19 12:0 a.m.22 views

MStore API < 3.9.8 - Unauthenticated Blind SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, and uses the woocommerce-appointment...

9.8CVSS9.8AI score0.05304EPSS
Exploits2Affected Software1
Rows per page
Query Builder