Vulnerabilities and security research for b2bking-wholesale-for-woocommerce
Jun 07, 2024
B2BKing — Ultimate WooCommerce Wholesale and B2B Solution — Wholesale Order Form, Catalog Mode, Dynamic Pricing & More # CVE-2023-3126
- CVE, Research URL
- Date
- Jun 07, 2023
- Research Description
- The B2BKing plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'b2bkingdownloadpricelist' function in versions up to, and including, 4.6.00. This makes it possible for authenticated attackers with subscriber or customer-level permissions to retrieve the full pricing list of all products on the site.
- Affected versions
- max 4.6.20.
- Status
- vulnerable
B2BKing — Ultimate WooCommerce Wholesale and B2B Solution — Wholesale Order Form, Catalog Mode, Dynamic Pricing & More # CVE-2023-3125
- CVE, Research URL
- Date
- Jun 07, 2023
- Research Description
- The B2BKing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'b2bking_save_price_import' function in versions up to, and including, 4.6.00. This makes it possible for authenticated attackers with subscriber or customer-level permissions to modify the pricing of any product on the site.
- Affected versions
- max 4.6.20.
- Status
- vulnerable
May 27, 2026
B2BKing — Ultimate WooCommerce Wholesale and B2B Solution — Wholesale Order Form, Catalog Mode, Dynamic Pricing & More # CVE-2026-27346
- CVE, Research URL
- Date
- May 26, 2026
- Research Description
- Missing Authorization vulnerability in Kings Plugins B2BKing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects B2BKing: from n/a before 5.2.10.
- Affected versions
- max 5.2.10.
- Status
- vulnerable