WordPress MStore API Plugin <= 3.9.7 is vulnerable to SQL Injection
CVE-2022-47614

7.5HIGH

Key Information:

Vendor: WordPress
Status: Mstore Api
Vendor: CVE Published:; 23 June 2023

What is CVE-2022-47614?

The InspireUI MStore API Plugin for WordPress is susceptible to an unauthenticated SQL injection vulnerability that allows attackers to manipulate SQL queries executed by the plugin. This flaw, present in versions up to 3.9.7, can potentially lead to unauthorized access to sensitive data, disruption of service, and compromise of affected systems. It is crucial for users to update to the latest version or apply necessary patches to mitigate the risk associated with this vulnerability.

Affected Version(s)

MStore API <= 3.9.7

References

https://patchstack.com/database/vulnerability/mstore-api/...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2023
Vulnerability Reserved
Dec 20, 2022

Credit

Lucio Sá (Patchstack Alliance)