CVE-2023-3131

MStore API < 3.9.7 - Subscriber+ Unauthorized Settings Update

EPSS 0.5%

The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both.

Affected products

Unknown · MStore API

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://wpscan.com/vulnerability/970735f1-24bb-441c-89b6-5a0959246d6c