CVE-2023-4703

All in One B2B for WooCommerce <= 1.0.3 - Unauthenticated Privilege Escalation

CVSS 7.5 HIGHEPSS 0.6%

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.5EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

16 Jan 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly validate parameters when updating user details, allowing an unauthenticated attacker to update the details of any user. Updating the password of an Admin user leads to privilege escalation.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected products

Unknown · All in One B2B for WooCommerce

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://wpscan.com/vulnerability/83278bbb-90e6-4465-a46d-60b4c703c11a/