CVE-2023-3547

high

Description

The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks.

References

https://wpscan.com/vulnerability/3cfb6696-18ad-4a38-9ca3-992f0b768b78

Details

Source: Mitre, NVD

Published: 2023-09-25

Updated: 2025-04-23

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00625

Detections

Analytics