.. / CVE-2023-3077

Exploit for MStore API < 3.9.8 - SQL Injection (CVE-2023-3077)

Description:

The MStore API WordPress plugin before 3.9.8 is vulnerable to Blind SQL injection via the product_id parameter.

Nuclei Template

View the template here CVE-2023-3077.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-3077.yaml
Copy

References:

https://wpscan.com/vulnerability/9480d0b5-97da-467d-98f6-71a32599a432
https://nvd.nist.gov/vuln/detail/CVE-2023-3077