All in One B2B for WooCommerce <= 1.0.3 – Multiple CSRF | CVE 2023-3547 | Plugin Vulnerabilities

Description

The plugin does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks.

Proof of Concept

This CSRF attack will reject a Quote in the database.

1. Go to All In One Quote > Quotes
2. Click "Add quote", fill in the title, and save.
3. Find the Quote ID, convert it to base64, and URL encode the result. E.g. for a quote ID of "35" the result should be "MzU%3D"
3. Force an admin to visit the following URL, with the encoded ID from above, to trigger the CSRF attack and reject the Quote:

https://example.com?status=quote_rejected&quote_id=MzU%3D

Affects Plugins

all-in-one-b2b-for-woocommerce

No known fix

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Alex Sanford

Submitter

Alex Sanford

Submitter website

https://wpscan.com

Verified

Yes

WPVDB ID

3cfb6696-18ad-4a38-9ca3-992f0b768b78

Timeline

Publicly Published

2023-09-04 (about 2 years ago)

Added

2023-09-04 (about 2 years ago)

Last Updated

2023-09-04 (about 2 years ago)

Other

Published

Title

Published

2025-06-27

Title

MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet < 3.2.1 - Cross-Site Request Forgery to Settings Reset

Published

2024-04-12

Title

Ads.txt Admin <= 1.3 - Cross-Site Request Forgery

Published

2025-01-30

Title

Wonder FontAwesome <= 0.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2023-06-13

Title

All Bootstrap Blocks < 1.3.7 - Cross-Site Request Forgery

Published

2022-11-14

Title

Feed Them Social < 3.0.1 - Settings Update via CSRF