VYPR
Unrated severityNVD Advisory· Published Jul 10, 2023· Updated Nov 12, 2024

MStore API < 3.9.8 - Unauthenticated Blind SQLi

CVE-2023-3077

Description

The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, and uses the woocommerce-appointments plugin.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.