The All in One B2B for WooCommerce WordPress plugin up to and including 1.0.3 does not properly validate parameters when updating user details, allowing an unauthenticated malicious user to update the details of any user. Updating the password of an Admin user leads to privilege escalation.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
all in one b2b for woocommerce project all in one b2b for woocommerce |