Vulnerability Description
The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks.
CVSS Score
8.8
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| All In One B2B For Woocommerce Project | All In One B2B For Woocommerce | <= 1.0.3 |
References
- https://wpscan.com/vulnerability/3cfb6696-18ad-4a38-9ca3-992f0b768b78ExploitThird Party Advisory
- https://wpscan.com/vulnerability/3cfb6696-18ad-4a38-9ca3-992f0b768b78ExploitThird Party Advisory
FAQ
What is CVE-2023-3547?
CVE-2023-3547 is a vulnerability with a CVSS score of 8.8 (HIGH). The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks.
How severe is CVE-2023-3547?
CVE-2023-3547 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-3547?
Check the references section above for vendor advisories and patch information. Affected products include: All In One B2B For Woocommerce Project All In One B2B For Woocommerce.