CVE-2023-3209

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

3.5LOW

EPSS

0.1%

top 74.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Mstore API Inspireui Mstore API

Timeline

PublishedJul 10

Description

The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:NExploitability: 2.1 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5unknown/mstore_api< 3.9.7

▶NVDinspireui/mstore_api< 3.9.7

🔴Vulnerability Details

CVEList

MStore API < 3.9.7 - Settings Update via CSRF↗2023-07-10

▶

GHSA

GHSA-6gwc-q32q-63j2: The MStore API WordPress plugin before 3↗2023-07-10

▶