Vulnerability in Mstore Api

CVE-2023-3077

The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner ele…

EPSS: 0.681 (98.6th percentile).

Affected products

  • Unknown Mstore Api — versions 0

Frequently asked questions

What is CVE-2023-3077?
CVE-2023-3077 is a vulnerability in Mstore Api, classified under CWE-89 (SQL Injection). Published 2023-07-10.
Is CVE-2023-3077 known to be exploited?
2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.