cbcvebase.

Inspireui Mstore Api vulnerabilities

28 known vulnerabilities affecting inspireui/mstore_api.

Total CVEs
28
CISA KEV
0
Public exploits
5
Exploited in wild
3
Severity breakdown
CRITICAL11HIGH5MEDIUM11LOW1

Vulnerabilities

Page 2 of 2
CVE-2025-4683P4MEDIUMCVSS 4.3fixed in 4.17.62025-05-27
CVE-2025-4683 [MEDIUM] CWE-862 CVE-2025-4683: The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_blog function in all versions up to, and including, 4.17.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new post
nvd
CVE-2023-3200P4MEDIUMCVSS 4.3≤ 3.9.62023-06-14
CVE-2023-3200 [MEDIUM] CWE-352 CVE-2023-3200: The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_new_order_message function. This makes it possible for unauthenticated attackers to update new order message via a forged request granted they can trick a site administrator into performing an action such as clicking on
nvd
CVE-2023-3201P4MEDIUMCVSS 4.3≤ 3.9.62023-06-14
CVE-2023-3201 [MEDIUM] CWE-352 CVE-2023-3201: The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_new_order_title function. This makes it possible for unauthenticated attackers to update new order title via a forged request granted they can trick a site administrator into performing an action such as clicking on a li
nvd
CVE-2023-3203P4MEDIUMCVSS 4.3≤ 3.9.62023-06-14
CVE-2023-3203 [MEDIUM] CWE-352 CVE-2023-3203: The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_limit_product function. This makes it possible for unauthenticated attackers to update limit the number of product per category to use cache data in home screen via a forged request granted they can trick a site administ
nvd
CVE-2023-3198P4MEDIUMCVSS 4.3≤ 3.9.62023-06-14
CVE-2023-3198 [MEDIUM] CWE-352 CVE-2023-3198: The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_status_order_message function. This makes it possible for unauthenticated attackers to update status order message via a forged request granted they can trick a site administrator into performing an action such as clicki
nvd
CVE-2023-3199P4MEDIUMCVSS 4.3≤ 3.9.62023-07-12
CVE-2023-3199 [MEDIUM] CWE-352 CVE-2023-3199: The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_status_order_title function. This makes it possible for unauthenticated attackers to update status order title via a forged request granted they can trick a site administrator into performing an action such as clicking o
nvd
CVE-2023-3202P4MEDIUMCVSS 4.3≤ 3.9.62023-07-12
CVE-2023-3202 [MEDIUM] CWE-352 CVE-2023-3202: The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_firebase_server_key function. This makes it possible for unauthenticated attackers to update the firebase server key to push notification when order status changed via a forged request granted they can trick a site admin
nvd
CVE-2023-3209P4LOWCVSS 3.5fixed in 3.9.72023-07-10
CVE-2023-3209 [LOW] CWE-352 CVE-2023-3209: The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementin The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both.
nvd
Inspireui Mstore Api vulnerabilities | cvebase