All in One B2B for WooCommerce <= 1.0.3 – Multiple CSRF | CVE 2023-3547 | Plugin Vulnerabilities

Description

The plugin does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks.

Proof of Concept

This CSRF attack will reject a Quote in the database.

1. Go to All In One Quote > Quotes
2. Click "Add quote", fill in the title, and save.
3. Find the Quote ID, convert it to base64, and URL encode the result. E.g. for a quote ID of "35" the result should be "MzU%3D"
3. Force an admin to visit the following URL, with the encoded ID from above, to trigger the CSRF attack and reject the Quote:

https://example.com?status=quote_rejected&quote_id=MzU%3D

Affects Plugins

all-in-one-b2b-for-woocommerce

No known fix

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Alex Sanford

Submitter

Alex Sanford

Submitter website

https://wpscan.com

Verified

Yes

WPVDB ID

3cfb6696-18ad-4a38-9ca3-992f0b768b78

Timeline

Publicly Published

2023-09-04 (about 2 years ago)

Added

2023-09-04 (about 2 years ago)

Last Updated

2023-09-04 (about 2 years ago)

Other

Published

Title

Published

2025-01-24

Title

Subscription DNA < 2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2023-07-20

Title

WP-FlyBox <= 6.46 - CSRF

Published

2023-03-29

Title

Happy Addons for Elementor < 3.8.3 - Cross-Site Request Forgery

Published

2022-05-23

Title

Private Files <= 0.40 - Protection Disabling via CSRF

Published

2024-04-11

Title

Convert Post Types <= 1.4 - Cross-Site Request Forgery