The MStore API plugin for WordPress is vulnerable to an attack where unauthorized users can see information from the database without permission. This is possible because the plugin’s security measures (escaping user-supplied parameters and preparing existing SQL queries) are not strong enough in versions 3.9.7 and earlier.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
