Skip to main content
CVE-2023-3197 CRITICAL POC PATCH THREAT Act Now

The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id' parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 36.8%.

SQLi WordPress Mstore Api
NVD
CVSS 3.1
9.8
EPSS
36.8%
Threat
4.6

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy