CVE-2023-3547

All in One B2B for WooCommerce <= 1.0.3 - Multiple CSRF

CVSS 8.8 HIGH | EPSS 0.3%
Vexday Risk Score: 21 (Low)
SSVC decision (CISA): Track
No exploitation signal → monitor
CVSS 8.8 | EPSS 0.3% | KEV: no | PoC | Nuclei | Metasploit | Patch
Lifecycle
25 Sep 2023: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
