PT-2023-25219 · WordPress · All In One B2B For Woocommerce
Alex Sanford
·
Published
2023-09-25
·
Updated
2023-09-26
·
CVE-2023-3547
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
All in One B2B for WooCommerce WordPress plugin versions 1.0.3 and earlier
Description
The issue allows an attacker to perform CSRF attacks due to improper checking of nonce values in several actions.
Recommendations
For All in One B2B for WooCommerce WordPress plugin versions 1.0.3 and earlier, update to a version that properly checks nonce values to prevent CSRF attacks.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
All In One B2B For Woocommerce