Lack of Privilege and Nonce Checks in MStore API WordPress Plugin
CVE-2023-3209 · LOW Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both.
Learn more about our Wordpress Pen Testing.