CVE Catalog
CVE-2023-3209
LowCVSS 3.5Exploitation Probability (EPSS)
Low risk0.23%
14th percentile — higher than 14% of all known CVEs
Summary
The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both.
Risk Assessment
The lack of proper security measures may lead to unauthorized access to plugin functions, posing a risk to user data and system integrity.
Recommendation
It is recommended to update the MStore API plugin to version 3.9.7 or later to ensure proper security for AJAX actions.
Original NVD description (English source)
The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both.

