Lucene search
HistoryJan 16, 2024 - 4:15 p.m.
CVE-2023-4703
cve-2023-4703
b2b
woocommerce
wordpress
privilege escalation
user details
vulnerability
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
33.1%
The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly validate parameters when updating user details, allowing an unauthenticated attacker to update the details of any user. Updating the password of an Admin user leads to privilege escalation.
Affected configurations
Node
all_in_one_b2b_for_woocommerce_projectall_in_one_b2b_for_woocommerceRange≤1.0.3wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| all_in_one_b2b_for_woocommerce_project | all_in_one_b2b_for_woocommerce | * | cpe:2.3:a:all_in_one_b2b_for_woocommerce_project:all_in_one_b2b_for_woocommerce:*:*:*:*:*:wordpress:*:* |
Related
wpvulndb
wpvulndb
prion
prion
Privilege escalation
2024-01-16 16:15:00
cvelist
cvelist
cve
cve
CVE-2023-4703
2024-01-16 16:15:13
wpexploit
wpexploit
wordfence
wordfence
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
33.1%
Related for NVD:CVE-2023-4703