ГлавнаяУязвимости → CVE-2023-4703
7.5высокая

CVE-2023-4703

Описание

The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly validate parameters when updating user details, allowing an unauthenticated attacker to update the details of any user. Updating the password of an Admin user leads to privilege escalation.

Затрагиваемое ПО
All in one b2b for woocommerce project All in one b2b for woocommerce
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Источники
https://wpscan.com/vulnerability/83278bbb-90e6-4465-a46d-60b4c703c11a/https://wpscan.com/vulnerability/83278bbb-90e6-4465-a46d-60b4c703c11a/