CVE-2023-3198 - CERT CVE
ID CVE-2023-3198
Sažetak The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_status_order_message function. This makes it possible for unauthenticated attackers to update status order message via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Reference
CVSS
Base: 4.3
Impact: 1.4
Exploitability:2.8
Pristup
VektorSloženostAutentikacija
NETWORK LOW -
Impact
PovjerljivostCjelovitostDostupnost
NONE LOW NONE
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Zadnje važnije ažuriranje 07-11-2023 - 04:18
Objavljeno 14-06-2023 - 02:15