CVE Catalog

CVE-2023-3209

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

14th percentile — higher than 14% of all known CVEs

Summary

The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both.

Risk Assessment

The lack of proper security measures may lead to unauthorized access to plugin functions, posing a risk to user data and system integrity.

Recommendation

It is recommended to update the MStore API plugin to version 3.9.7 or later to ensure proper security for AJAX actions.

Original NVD description (English source)

The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS