CVE-2023-3077

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jul 10, 2023

Updated: Nov 7, 2023

CWE ID 79

Summary

CVE-2023-3077: A vulnerability affects the MStore API WordPress plugin before version 3.9.8. The issue lies in the plugin's failure to sanitize and escape a parameter, making it susceptible to Blind SQL injection attacks. Unauthenticated users can exploit this vulnerability, but only on sites that have purchased the plugin's pro features and use the woocommerce-appointments plugin. This weakness may allow attackers to manipulate the database and potentially gain unauthorized access.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Advancedcustomfields Advanced Custom Fields

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rG4Zl0
https://www.cve.org/CVERecord?id=CVE-2023-3077
https://nvd.nist.gov/vuln/detail/CVE-2023-3077

Back to Vulnerability Database

CVE-2023-3077

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations