Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2023-3077

The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, and uses the woocommerce-appointments plugin.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.346
EPSS Ranking 96.8%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2023-3077


Contact Us

Shodan ® - All rights reserved