Report
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_status_order_title function. This makes it possible for unauthenticated attackers to update status order title via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Score:4.3
Severity:Medium
Version: 3.9.6
There is a patch available in v3.9.7 and we strongly recommend you update to this version as soon as possible.
