Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (28 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2023-50878 1 Inspireui 1 Mstore Api 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in InspireUI MStore API.This issue affects MStore API: from n/a through 4.10.1.
CVE-2023-45055 1 Inspireui 1 Mstore Api 2024-11-21 9.8 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InspireUI MStore API allows SQL Injection.This issue affects MStore API: from n/a through 4.0.6.
CVE-2023-3209 1 Inspireui 1 Mstore Api 2024-11-21 3.5 Low
The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both.
CVE-2023-3131 1 Inspireui 1 Mstore Api 2024-11-21 4.3 Medium
The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both.
CVE-2023-3077 1 Inspireui 1 Mstore Api 2024-11-21 9.8 Critical
The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, and uses the woocommerce-appointments plugin.
CVE-2023-3076 1 Inspireui 1 Mstore Api 2024-11-21 9.8 Critical
The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the site owner paid to access the plugin's pro features.
CVE-2022-47614 1 Inspireui 1 Mstore Api 2024-11-21 7.5 High
Unauth. SQL Injection (SQLi) vulnerability in InspireUI MStore API plugin <= 3.9.7 versions.
CVE-2021-24148 1 Inspireui 1 Mstore Api 2024-11-21 9.8 Critical
A business logic issue in the MStore API WordPress plugin, versions before 3.2.0, had an authentication bypass with Sign In With Apple allowing unauthenticated users to recover an authentication cookie with only an email address.