Vulnerabilities > CVE-2023-3126 - Unspecified vulnerability in Webwizards B2Bking 4.6.00

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

webwizards

NVD

Published: 2023-06-07

Updated: 2023-11-07

Summary

The B2BKing plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'b2bkingdownloadpricelist' function in versions up to, and including, 4.6.00. This makes it possible for Authenticated attackers with subscriber or customer-level permissions to retrieve the full pricing list of all products on the site.

Vulnerable Configurations

Part	Description	Count
Application	Webwizards Webwizards B2Bking - Webwizards B2Bking 4.6.00	2

References

https://woocommerce-b2b-plugin.com/changelog/
https://blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-b2bking-plugin/
https://www.wordfence.com/threat-intel/vulnerabilities/id/d2e3ac14-1421-49f0-9c60-7f7d5c9d7654?source=cve