Cross-Site Request Forgery Vulnerability in MStore API for WordPress
CVE-2023-3199
4.3MEDIUM
What is CVE-2023-3199?
The MStore API plugin for WordPress contains a vulnerability that allows unauthenticated attackers to exploit the absence of nonce validation in the mstore_update_status_order_title function. This flaw enables attackers to issue forged requests to update order titles, provided they can deceive a site administrator into executing an action, such as clicking on a crafted link. This type of vulnerability poses significant risks, making it essential for website administrators to apply appropriate security measures.
Affected Version(s)
MStore API * <= 3.9.6