exploitDog

CVE-2023-4703

Опубликовано: 16 янв. 2024

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly validate parameters when updating user details, allowing an unauthenticated attacker to update the details of any user. Updating the password of an Admin user leads to privilege escalation.

Ссылки

https://wpscan.com/vulnerability/83278bbb-90e6-4465-a46d-60b4c703c11a/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/83278bbb-90e6-4465-a46d-60b4c703c11a/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:all_in_one_b2b_for_woocommerce_project:all_in_one_b2b_for_woocommerce:*:*:*:*:*:wordpress:*:*

Версия до 1.0.3 (включая)

EPSS

Процентиль: 49%

0.0026

Низкий

7.5 High

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-8wmq-h9m8-m384

CVSS3: 7.5

github

около 2 лет назад

The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly validate parameters when updating user details, allowing an unauthenticated attacker to update the details of any user. Updating the password of an Admin user leads to privilege escalation.

EPSS

Процентиль: 49%

0.0026

Низкий

7.5 High

CVSS3

Дефекты

NVD-CWE-noinfo