cleantalk
Vulnerabilities and Security Researches

B2BKing — Ultimate WooCommerce Wholesale and B2B Solution — Wholesale Order Form, Catalog Mode, Dynamic Pricing & More, CVE-2023-3125

CVE, Research URL

CVE-2023-3125

Home page URL

Security reports for B2BKing — Ultimate WooCommerce Wholesale and B2B Solution — Wholesale Order Form, Catalog Mode, Dynamic Pricing & More

Application

B2BKing — Ultimate WooCommerce Wholesale and B2B Solution — Wholesale Order Form, Catalog Mode, Dynamic Pricing & More

Published on
Jun 07, 2023
Research Description
The B2BKing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'b2bking_save_price_import' function in versions up to, and including, 4.6.00. This makes it possible for Authenticated attackers with subscriber or customer-level permissions to modify the pricing of any product on the site.
Affected versions
max 4.6.20.
Status
vulnerable
Previous vulnerability researches
B2BKing — Ultimate WooCommerce Wholesale and B2B Solution — Wholesale Order Form, Catalog Mode, Dynamic Pricing & More (CVE-2023-3126) , Jun 07, 2024
B2BKing — Ultimate WooCommerce Wholesale and B2B Solution — Wholesale Order Form, Catalog Mode, Dynamic Pricing & More (CVE-2023-3125) , Jun 07, 2024
B2BKing — Ultimate WooCommerce Wholesale and B2B Solution — Wholesale Order Form, Catalog Mode, Dynamic Pricing & More (CVE-2026-27346) , May 27, 2026
New vulnerability
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin (CVE-2026-7493) , May 27, 2026
RSVP and Event Management Plugin (CVE-2026-27398) , May 27, 2026
B2BKing — Ultimate WooCommerce Wholesale and B2B Solution — Wholesale Order Form, Catalog Mode, Dynamic Pricing & More (CVE-2026-27346) , May 27, 2026
GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress (CVE-2026-24546) , May 27, 2026
WP Activity Log (CVE-2026-45435) , May 26, 2026