WordPress MStore API plugin <= 4.17.4 - Unauthenticated Limited Privilege Escalation vulnerability

Unauthenticated Limited Privilege Escalation vulnerability discovered by Brian Sans-Souci liardom in WordPress Plugin MStore API versions = 4.17.4...

WordPress MStore API Plugin <= 4.15.7 is vulnerable to SQL Injection

Software MStore API Type Plugin Vulnerable versions = 4.15.7 Fixed in 4.15.8 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-11179 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 1c06ba6b6a95 Credits Trương Hữu Phúc truonghuuphuc Required privilege...

WordPress MStore API Plugin <= 4.15.3 is vulnerable to Arbitrary File Upload

Software MStore API Type Plugin Vulnerable versions = 4.15.3 Fixed in 4.15.4 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-8242 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 5f5d39cca07a Credits stealthcopter Required privilege...

WordPress MStore API plugin <= 4.15.2 - Authentication Bypass to Account Takeover vulnerability

Authentication Bypass to Account Takeover vulnerability discovered by Truoc Phan in WordPress Plugin MStore API versions = 4.15.2...

WordPress MStore API Plugin <= 4.15.2 is vulnerable to Broken Authentication

Software MStore API Type Plugin Vulnerable versions = 4.15.2 Fixed in 4.15.3 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-7628 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 20f8a5490865 Credits Truoc Phan...

WordPress MStore API Plugin <= 4.14.7 is vulnerable to Broken Authentication

Software MStore API Type Plugin Vulnerable versions = 4.14.7 Fixed in 4.15.0 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-6328 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID eb61c3a933bb Credits Truoc Phan...

WordPress MStore API Plugin <= 4.10.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software MStore API Type Plugin Vulnerable versions = 4.10.1 Fixed in 4.10.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-50878 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID f4e7104141c9 Credits Mika Required privileg...

WordPress MStore API Plugin <= 4.10.7 is vulnerable to Privilege Escalation

Software MStore API Type Plugin Vulnerable versions = 4.10.7 Fixed in 4.10.8 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-3277 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 30d740e716a7 Credits Truoc Phan ...

WordPress MStore API Plugin <= 4.0.6 is vulnerable to SQL Injection

Software MStore API Type Plugin Vulnerable versions = 4.0.6 Fixed in 4.0.7 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-45055 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 62679b9fbc47 Credits Truoc Phan Required privilege Subscriber Published 3...

WordPress MStore API Plugin <= 4.0.1 is vulnerable to SQL Injection

Software MStore API Type Plugin Vulnerable versions = 4.0.1 Fixed in 4.0.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-3197 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 7aeff12fe9e3 Credits Truoc Phan / An Đặng Required privilege Unauthenticat...

WordPress MStore API Plugin <= 3.9.7 is vulnerable to SQL Injection

Software MStore API Type Plugin Vulnerable versions = 3.9.7 Fixed in 3.9.8 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-47614 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID d5e39e167dd4 Credits Lucio Sá Required privilege Unauthenticated Publishe...

WordPress MStore API Plugin <= 3.9.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software MStore API Type Plugin Vulnerable versions = 3.9.6 Fixed in 3.9.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3198 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 8dddc497a1b9 Credits Truoc Phan Required...

WordPress MStore API Plugin <= 3.9.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software MStore API Type Plugin Vulnerable versions = 3.9.6 Fixed in 3.9.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3202 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7a8ee239bd4b Credits Truoc Phan Required...

WordPress MStore API Plugin <= 3.9.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software MStore API Type Plugin Vulnerable versions = 3.9.6 Fixed in 3.9.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3203 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d4409a4b157a Credits Truoc Phan Required...

WordPress MStore API Plugin <= 3.9.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software MStore API Type Plugin Vulnerable versions = 3.9.6 Fixed in 3.9.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3201 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID abb15f86de6f Credits Truoc Phan Required...

WordPress MStore API Plugin <= 3.9.1 is vulnerable to Broken Authentication

Software MStore API Type Plugin Vulnerable versions = 3.9.1 Fixed in 3.9.2 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2023-2734 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 533a834d2d8a Credits Lana Codes Required privilege...

WordPress MStore API Plugin <= 3.9.2 is vulnerable to Broken Authentication

Software MStore API Type Plugin Vulnerable versions = 3.9.2 Fixed in 3.9.3 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2023-2732 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 9a2f0204ce39 Credits Lana Codes Required privilege...