CVE-2023-3077 Information

Description

The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins’ pro features and uses the woocommerce-appointments plugin.

Reference

https://wpscan.com/vulnerability/9480d0b5-97da-467d-98f6-71a32599a432