Medium severity4.3NVD Advisory· Published Jun 14, 2023· Updated Apr 8, 2026
CVE-2023-3201
CVE-2023-3201
Description
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_new_order_title function. This makes it possible for unauthenticated attackers to update new order title via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.