cleantalk
Vulnerabilities and Security Researches

MStore API, CVE-2023-3209

CVE, Research URL

CVE-2023-3209

Home page URL

Security reports for MStore API

Application

MStore API

Published on
Jul 10, 2023
Research Description
The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both.
Affected versions
max 3.9.7.
Status
vulnerable
Previous vulnerability researches
MStore API (CVE-2024-6328) , Jul 12, 2024
MStore API (CVE-2024-12042) , Dec 15, 2024
MStore API (CVE-2024-7628) , Aug 16, 2024
MStore API (CVE-2025-3438) , May 04, 2025
MStore API (CVE-2026-3568) , Apr 13, 2026
New vulnerability
WP Google Maps Integration (CVE-2026-7464) , May 13, 2026
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) (CVE-2026-5371) , May 13, 2026
bunny.net – WordPress CDN Plugin (CVE-2025-68049) , May 13, 2026
BJ Lazy Load (CVE-2026-2300) , May 13, 2026
WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress (CVE-2021-47941) , May 13, 2026