The B2BKing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'b2bking_save_price_import' function in versions up to, and including, 4.6.00. This makes it possible for Authenticated attackers with subscriber or customer-level permissions to modify the pricing of any product on the site.
References
Link | Resource |
---|---|
https://blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-b2bking-plugin/ | Exploit Third Party Advisory |
https://woocommerce-b2b-plugin.com/changelog/ | Release Notes |
https://www.wordfence.com/threat-intel/vulnerabilities/id/b3f2c4c3-73d6-4b3b-8eb3-c494f52dc183?source=cve | Broken Link |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Wordfence
Published: 2023-06-07T01:51:40.160Z
Updated: 2023-06-07T01:51:40.160Z
Reserved: 2023-06-06T13:12:53.381Z
Link: CVE-2023-3125
JSON object: View
NVD Information
Status : Modified
Published: 2023-06-07T02:15:16.027
Modified: 2023-11-07T04:17:57.237
Link: CVE-2023-3125
JSON object: View
Redhat Information
No data.
CWE