CVE-2023-3203
Published 2023-06-14
CVE-2023-3203: The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_limit_product function…
Priority P417 · medium · 4.3 · CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS: 0.32% (23.3th percentile)
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_limit_product function. This makes it possible for unauthenticated attackers to update the limit on the number of products per category to use cache data in the home screen via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| inspireui | mstore_api | <= 3.9.6 | — |
| inspireui | mstore_api_create_native_android_ios_apps_on_the_cloud | <= 3.9.6 | — |
VulDB
MStore API Plugin up to 3.9.6 on WordPress Product Limit Update cross-site request forgery
vuldb·2026-04-10·CVSS 4.3
CVE-2023-3203 [MEDIUM] MStore API Plugin up to 3.9.6 on WordPress Product Limit Update cross-site request forgery
A vulnerability was found in MStore API Plugin up to 3.9.6 on WordPress and classified as problematic. This affects an unknown part of the component Product Limit Update. The manipulation results in cross-site request forgery.
This vulnerability is cataloged as CVE-2023-3203. The attack may be launched remotely. There is no exploit available.
GHSA
GHSA-fw4w-m4pp-mgp9: The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_limit_product fun
ghsa_unreviewed·2023-06-14
CVE-2023-3203 [MEDIUM] CWE-352 GHSA-fw4w-m4pp-mgp9: The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_limit_product fun
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://plugins.trac.wordpress.org/browser/mstore-api/trunk/mstore-api.php#L222
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2925048%40mstore-api&new=2925048%40mstore-api&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/1aed51a2-9fd4-43bb-b72d-ae8e51ee6e87?source=cve
Published: 2023-06-14