VYPR
Unrated severityNVD Advisory· Published Jan 16, 2024· Updated Jun 20, 2025

All in One B2B for WooCommerce <= 1.0.3 - Unauthenticated Privilege Escalation

CVE-2023-4703

Description

The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly validate parameters when updating user details, allowing an unauthenticated attacker to update the details of any user. Updating the password of an Admin user leads to privilege escalation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.