Unrated severityNVD Advisory· Published Jul 10, 2023· Updated Nov 12, 2024
MStore API < 3.9.8 - Unauthenticated Blind SQLi
CVE-2023-3077
Description
The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, and uses the woocommerce-appointments plugin.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <3.9.8
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/9480d0b5-97da-467d-98f6-71a32599a432mitreexploitvdb-entrytechnical-description
News mentions
0No linked articles in our index yet.