Lack of Privilege and Nonce Checks in MStore API WordPress Plugin

Lack of Privilege and Nonce Checks in MStore API WordPress Plugin

CVE-2023-3131 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both.

Learn more about our Wordpress Pen Testing.