CVE-2023-3209

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jul 10, 2023

Updated: Nov 7, 2023

CWE ID 94

Summary

CVE-2023-3209: The WordPress plugin MStore API, before version 3.9.7, fails to secure its AJAX actions through the implementation of privilege checks or nonce checks, potentially exposing websites to unauthorized access and manipulation. This vulnerability could impact sites that use the plugin and have not updated to the latest version. Attackers may exploit this issue to execute arbitrary actions, modify data, or even install malware. Users are strongly advised to update to the latest plugin version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tW3UXG
https://www.cve.org/CVERecord?id=CVE-2023-3209
https://nvd.nist.gov/vuln/detail/CVE-2023-3209

Back to Vulnerability Database

CVE-2023-3209

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations