MStore API < 3.9.7 - Settings Update via CSRF
CVE-2023-3209
3.5LOW
Summary
The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both.
Affected Version(s)
MStore API 0 < 3.9.7
References
CVSS V3.1
Score:
3.5
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Truoc Phan
WPScan