All In One B2b For Woocommerce Project: >> All In One B2b For Woocommerce Security Vulnerabilities
The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly validate parameters when updating user details, allowing an unauthenticated attacker to update the details of any user. Updating the password of an Admin user leads to privilege escalation.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-01-16
The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks.
CVSS Score
8.8
EPSS Score
0.007
Published
2023-09-25