CVE-2023-3547

The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
WPScanCNA
---
---
CVEADP
---
---
CISA-ADPADP
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
VendorProductVersion
all_in_one_b2b_for_woocommerce_projectall_in_one_b2b_for_woocommerce
𝑥
≤ 1.0.3
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/3cfb6696-18ad-4a38-9ca3-992f0b768b78
https://wpscan.com/vulnerability/3cfb6696-18ad-4a38-9ca3-992f0b768b78