CVE-2023-3077

Name of the Vulnerable Software and Affected Versions MStore API WordPress plugin versions prior to 3.9.8

Description The issue is related to a Blind SQL injection that can be exploited by unauthenticated users. This occurs because a parameter is not properly sanitised and escaped before being used in a SQL statement. The exploitation of this issue is conditional, requiring the site owner to have paid for access to the plugin's pro features and to be using the woocommerce-appointments plugin.

Recommendations For versions prior to 3.9.8, update to version 3.9.8 or later to resolve the issue. As a temporary workaround, consider disabling the use of the woocommerce-appointments plugin until the update is applied.