CVE-2023-3131

Name of the Vulnerable Software and Affected Versions MStore API WordPress plugin versions prior to 3.9.7

Description The issue concerns the MStore API WordPress plugin, which does not implement sufficient security measures for its AJAX actions. Specifically, it lacks privilege checks, nonce checks, or a combination of both, leaving it exposed.

Recommendations For versions prior to 3.9.7, update to version 3.9.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX actions until the update can be applied.