The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly validate parameters when updating user details, allowing an unauthenticated attacker to update the details of any user. Updating the password of an Admin user leads to privilege escalation.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/83278bbb-90e6-4465-a46d-60b4c703c11a/ | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
23 Jan 2024, 19:38
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:all_in_one_b2b_for_woocommerce_project:all_in_one_b2b_for_woocommerce:*:*:*:*:*:wordpress:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | NVD-CWE-noinfo | |
References | () https://wpscan.com/vulnerability/83278bbb-90e6-4465-a46d-60b4c703c11a/ - Exploit, Third Party Advisory | |
First Time |
All In One B2b For Woocommerce Project
All In One B2b For Woocommerce Project all In One B2b For Woocommerce |
16 Jan 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-16 16:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-4703
Mitre link : CVE-2023-4703
CVE.ORG link : CVE-2023-4703
JSON object : View
Products Affected
all_in_one_b2b_for_woocommerce_project
- all_in_one_b2b_for_woocommerce
CWE