PT-2023-25219 · WordPress · All In One B2B For Woocommerce

Alex Sanford

Publicado

2023-09-25

Atualizado

2023-09-26

CVE-2023-3547

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions All in One B2B for WooCommerce WordPress plugin versions 1.0.3 and earlier

Description The issue allows an attacker to perform CSRF attacks due to improper checking of nonce values in several actions.

Recommendations For All in One B2B for WooCommerce WordPress plugin versions 1.0.3 and earlier, update to a version that properly checks nonce values to prevent CSRF attacks.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2023-3547

Produtos afetados

All In One B2B For Woocommerce

PT-2023-25219 · WordPress · All In One B2B For Woocommerce

CVE-2023-3547

Identificadores relacionados

Produtos afetados

Referências · 5