6 matches found
CVE-2023-4703
The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly validate parameters when updating user details, allowing an unauthenticated attacker to update the details of any user. Updating the password of an Admin user leads to privilege escalation...
CVE-2023-4703
The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly validate parameters when updating user details, allowing an unauthenticated attacker to update the details of any user. Updating the password of an Admin user leads to privilege escalation...
CVE-2023-4703
CVE-2023-4703 affects All in One B2B for WooCommerce (WordPress plugin) up to version 1.0.3. The vulnerability arises from improper validation of parameters when updating user details, enabling an unauthenticated attacker to update details for any user. The PoC shows a curl example that updates a...
CVE-2023-4703 All in One B2B for WooCommerce <= 1.0.3 - Unauthenticated Privilege Escalation
The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly validate parameters when updating user details, allowing an unauthenticated attacker to update the details of any user. Updating the password of an Admin user leads to privilege escalation...
CVE-2023-4703 All in One B2B for WooCommerce <= 1.0.3 - Unauthenticated Privilege Escalation
The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly validate parameters when updating user details, allowing an unauthenticated attacker to update the details of any user. Updating the password of an Admin user leads to privilege escalation...
WordPress All in One B2B for WooCommerce Plugin <= 1.0.3 is vulnerable to Privilege Escalation
Software All in One B2B for WooCommerce Type Plugin Vulnerable versions = 1.0.3 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-4703 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 385fda25bc8e...