Description
Missing Authorization vulnerability in Kings Plugins B2BKing allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects B2BKing: from n/a before 5.2.10.
Published: 2026-05-25
Score: 4.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is a missing authorization flaw that lets attackers access resources or functions meant for privileged users. By bypassing the configured access control security levels, a user could read, modify, or delete data that should otherwise be protected. The weakness is rooted in improper enforcement of authorization policies (CWE-862).

Affected Systems

The affected product is Kings Plugins B2BKing, a WordPress plugin used for wholesale functionality. All releases before version 5.2.10 are impacted; versions 5.2.10 and newer contain the fix.

Risk and Exploitability

The CVSS score of 4.9 indicates medium severity; the EPSS score is not available, and the vulnerability is not listed in CISA KEV. The likely attack vector is a normal web request to the plugin’s admin or user interfaces, where standard credentials or publicly accessible URLs allow exploitation if configuration is incorrect.

Generated by OpenCVE AI on May 25, 2026 at 23:25 UTC.

Remediation

Vendor Solution

Update the WordPress B2BKing Plugin to the latest available version (at least 5.2.10).


OpenCVE Recommended Actions

  • Update the B2BKing plugin to version 5.2.10 or later.
  • Verify that plugin settings correctly restrict access to privileged roles and functions.
  • If an update cannot be applied immediately, disable or uninstall the plugin until a patched version is available.

Advisories

No advisories yet.

History

Tue, 26 May 2026 14:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 25 May 2026 22:15:00 +0000

Type | Values Removed | Values Added
Description | | Missing Authorization vulnerability in Kings Plugins B2BKing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects B2BKing: from n/a before 5.2.10.
Title | | WordPress B2BKing plugin < 5.2.10 - Broken Access Control vulnerability
Weaknesses | | CWE-862
References | |
Metrics | | cvssV3_1 {'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-26T10:52:03.547Z

Reserved: 2026-02-19T09:51:41.702Z

Link: CVE-2026-27346

Vulnrichment

Updated: 2026-05-26T10:51:58.911Z

NVD

Status: Received

Published: 2026-05-25T22:16:33.260

Modified: 2026-05-25T22:16:33.260

Link: CVE-2026-27346

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-25T23:30:26Z