19 matches found
CVE-2021-47933 WordPress MStore API 2.0.6 Arbitrary File Upload
WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API endpoint. Attackers can upload PHP files with arbitrary names to the configfile endpoint to achieve remote code...
WordPress MStore API plugin <= 4.17.4 - Unauthenticated Limited Privilege Escalation vulnerability
Unauthenticated Limited Privilege Escalation vulnerability discovered by Brian Sans-Souci liardom in WordPress Plugin MStore API versions <= 4.17.4...
WordPress MStore API Plugin <= 4.15.7 is vulnerable to SQL Injection
Software: MStore API; Type: Plugin; Vulnerable versions: <= 4.15.7; Fixed in: 4.15.8; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-11179; Patch priority: High; CVSS severity: High (8.5); PSID: 1c06ba6b6a95; Credits: Trương Hữu Phúc (truonghuuphuc); Required privilege...
WordPress MStore API Plugin <= 4.15.3 is vulnerable to Arbitrary File Upload
Software: MStore API; Type: Plugin; Vulnerable versions: <= 4.15.3; Fixed in: 4.15.4; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-8242; Patch priority: Medium; CVSS severity: Medium (4.3); PSID: 5f5d39cca07a; Credits: stealthcopter; Required privilege...
WordPress MStore API plugin <= 4.15.2 - Authentication Bypass to Account Takeover vulnerability
Authentication Bypass to Account Takeover vulnerability discovered by Truoc Phan in WordPress Plugin MStore API versions <= 4.15.2...
WordPress MStore API Plugin <= 4.15.2 is vulnerable to Broken Authentication
Software: MStore API; Type: Plugin; Vulnerable versions: <= 4.15.2; Fixed in: 4.15.3; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2024-7628; Patch priority: High; CVSS severity: High (8.1); PSID: 20f8a5490865; Credits: Truoc Phan...
WordPress MStore API Plugin <= 4.14.7 is vulnerable to Broken Authentication
Software: MStore API; Type: Plugin; Vulnerable versions: <= 4.14.7; Fixed in: 4.15.0; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2024-6328; Patch priority: High; CVSS severity: High (9.8); PSID: eb61c3a933bb; Credits: Truoc Phan...
WordPress MStore API Plugin <= 4.10.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: MStore API; Type: Plugin; Vulnerable versions: <= 4.10.1; Fixed in: 4.10.2; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-50878; Patch priority: Low; CVSS severity: Low (5.4); PSID: f4e7104141c9; Credits: Mika; Required privileg...
WordPress MStore API Plugin <= 4.10.7 is vulnerable to Privilege Escalation
Software: MStore API; Type: Plugin; Vulnerable versions: <= 4.10.7; Fixed in: 4.10.8; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2023-3277; Patch priority: High; CVSS severity: High (9.8); PSID: 30d740e716a7; Credits: Truoc Phan ...
WordPress MStore API Plugin <= 4.0.6 is vulnerable to SQL Injection
Software: MStore API; Type: Plugin; Vulnerable versions: <= 4.0.6; Fixed in: 4.0.7; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2023-45055; Patch priority: High; CVSS severity: High (8.5); PSID: 62679b9fbc47; Credits: Truoc Phan; Required privilege: Subscriber; Published: 3...
WordPress MStore API Plugin <= 4.0.1 is vulnerable to SQL Injection
Software: MStore API; Type: Plugin; Vulnerable versions: <= 4.0.1; Fixed in: 4.0.2; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-3197; Patch priority: High; CVSS severity: High (9.8); PSID: 7aeff12fe9e3; Credits: Truoc Phan / An Đặng; Required privilege: Unauthenticat...
WordPress MStore API Plugin <= 3.9.7 is vulnerable to SQL Injection
Software: MStore API; Type: Plugin; Vulnerable versions: <= 3.9.7; Fixed in: 3.9.8; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2022-47614; Patch priority: High; CVSS severity: High (7.5); PSID: d5e39e167dd4; Credits: Lucio Sá; Required privilege: Unauthenticated; Publishe...
CVE-2023-3203
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstoreupdatelimitproduct function. This makes it possible for unauthenticated attackers to update the limit on the number of products per category used for cached data on the home screen via a...
WordPress MStore API Plugin <= 3.9.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software: MStore API; Type: Plugin; Vulnerable versions: <= 3.9.6; Fixed in: 3.9.7; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-3198; Patch priority: Low; CVSS severity: Low (4.3); PSID: 8dddc497a1b9; Credits: Truoc Phan; Required...
WordPress MStore API Plugin <= 3.9.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software: MStore API; Type: Plugin; Vulnerable versions: <= 3.9.6; Fixed in: 3.9.7; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-3202; Patch priority: Low; CVSS severity: Low (4.3); PSID: 7a8ee239bd4b; Credits: Truoc Phan; Required...
WordPress MStore API Plugin <= 3.9.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software: MStore API; Type: Plugin; Vulnerable versions: <= 3.9.6; Fixed in: 3.9.7; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-3201; Patch priority: Low; CVSS severity: Low (4.3); PSID: abb15f86de6f; Credits: Truoc Phan; Required...
WordPress MStore API Plugin <= 3.9.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software: MStore API; Type: Plugin; Vulnerable versions: <= 3.9.6; Fixed in: 3.9.7; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-3203; Patch priority: Low; CVSS severity: Low (4.3); PSID: d4409a4b157a; Credits: Truoc Phan; Required...
WordPress MStore API Plugin <= 3.9.2 is vulnerable to Broken Authentication
Software: MStore API; Type: Plugin; Vulnerable versions: <= 3.9.2; Fixed in: 3.9.3; OWASP Top 10: A2: Broken Authentication; Classification: Broken Authentication; CVE: CVE-2023-2732; Patch priority: High; CVSS severity: High (9.8); PSID: 9a2f0204ce39; Credits: Lana Codes; Required privilege...
WordPress MStore API Plugin <= 3.9.1 is vulnerable to Broken Authentication
Software: MStore API; Type: Plugin; Vulnerable versions: <= 3.9.1; Fixed in: 3.9.2; OWASP Top 10: A2: Broken Authentication; Classification: Broken Authentication; CVE: CVE-2023-2734; Patch priority: High; CVSS severity: High (9.8); PSID: 533a834d2d8a; Credits: Lana Codes; Required privilege...