CVE-2023-3547
All in One B2B for WooCommerce <= 1.0.3 - Multiple CSRF
Vexday Risk Score
21 · Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.8 · EPSS 0.3% · KEV no · PoC — · Nuclei — · Metasploit — · Patch —
Lifecycle
25 Sep 2023 · Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Unknown · All in One B2B for WooCommerce