cleantalk
Vulnerabilities and Security Researches

Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & Mo, CVE-2025-49924

CVE, Research URL

CVE-2025-49924

Home page URL

Security reports for Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & Mo

Application

Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & Mo

Published on
Oct 22, 2025
Research Description
Incorrect Privilege Assignment vulnerability in Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices allows Privilege Escalation.This issue affects Wholesale Suite: from n/a through <= 2.2.4.2.
Affected versions
max 2.2.4.2.
Status
vulnerable
Previous vulnerability researches
Popup Maker &#8211; Responsive popup, Exit Intent Pop up, Email Optins, Autoresponder &amp; More (CVE-2024-34770) , Jun 07, 2024
Popup Maker &#8211; Popup for opt-ins, lead gen, &amp; more (CVE-2024-5561) , Sep 11, 2024
Popup Maker &#8211; Popup for opt-ins, lead gen, &amp; more (CVE-2025-4205) , Jun 06, 2025
Popup Maker &#8211; Popup for opt-ins, lead gen, &amp; more (CVE-2025-24746) , Jan 25, 2025
Popup Maker &#8211; Popup for opt-ins, lead gen, &amp; more (CVE-2022-3690) , Jun 07, 2024
New vulnerability
WP Go Maps (formerly WP Google Maps) (CVE-2025-11166) , Nov 10, 2025
WP Go Maps (formerly WP Google Maps) (CVE-2025-11703) , Nov 10, 2025
Donation Forms by Charitable &#8211; Donations Plugin &amp; Fundraising Platform for WordPress (CVE-2025-11893) , Nov 10, 2025
WPC Smart Wishlist for WooCommerce (CVE-2025-11518) , Nov 10, 2025
WPC Smart Wishlist for WooCommerce (CVE-2025-11742) , Nov 10, 2025