Vulnerabilities > Inspireui > Mstore API > 3.1.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-10 | CVE-2023-3209 | Unspecified vulnerability in Inspireui Mstore API The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both. | 3.5 |
| 2023-06-24 | CVE-2023-3197 | Unspecified vulnerability in Inspireui Mstore API The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id' parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. | 9.8 |
| 2023-06-23 | CVE-2022-47614 | SQL Injection vulnerability in Inspireui Mstore API Unauth. | 7.5 |
| 2023-06-14 | CVE-2023-3198 | Unspecified vulnerability in Inspireui Mstore API The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_status_order_message function. | 4.3 |
| 2023-06-14 | CVE-2023-3200 | Unspecified vulnerability in Inspireui Mstore API The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_new_order_message function. | 4.3 |
| 2023-06-14 | CVE-2023-3201 | Unspecified vulnerability in Inspireui Mstore API The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_new_order_title function. | 4.3 |
| 2023-06-14 | CVE-2023-3203 | Cross-Site Request Forgery (CSRF) vulnerability in Inspireui Mstore API The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_limit_product function. | 4.3 |
| 2023-05-25 | CVE-2023-2732 | Unspecified vulnerability in Inspireui Mstore API The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. | 9.8 |
| 2023-05-25 | CVE-2023-2733 | Unspecified vulnerability in Inspireui Mstore API The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.0. | 9.8 |
| 2023-05-25 | CVE-2023-2734 | Unspecified vulnerability in Inspireui Mstore API The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. | 9.8 |