cve/CVE-2023-3201.md at main

admin/cve

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-05 18:27:17 +00:00

marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024

2024-05-25 21:48:12 +02:00

873 B

Raw Permalink Blame History

CVE-2023-3201

Description

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_new_order_title function. This makes it possible for unauthenticated attackers to update new order title via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

873 B

Raw Permalink Blame History

CVE-2023-3201

Description

POC

Reference

Github

873 B Raw Permalink Blame History

CVE-2023-3201

Description

POC

Reference

Github

873 B

Raw Permalink Blame History