The B2BKing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'b2bking_save_price_import' function in versions up to, and including, 4.6.00. This makes it possible for Authenticated attackers with subscriber or customer-level permissions to modify the pricing of any product on the site.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2023-06-07T01:51:40.160Z
Updated: 2024-08-02T06:48:07.365Z
Reserved: 2023-06-06T13:12:53.381Z
Link: CVE-2023-3125
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-06-07T02:15:16.027
Modified: 2023-11-07T04:17:57.237
Link: CVE-2023-3125
Redhat
No data.