Описание
The B2BKing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'b2bking_save_price_import' function in versions up to, and including, 4.6.00. This makes it possible for Authenticated attackers with subscriber or customer-level permissions to modify the pricing of any product on the site.
Ссылки
- ExploitThird Party Advisory
- Release Notes
- Broken Link
- ExploitThird Party Advisory
- Release Notes
- Broken Link
Уязвимые конфигурации
Конфигурация 1Версия до 4.6.00 (включая)
cpe:2.3:a:webwizards:b2bking:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 24%
0.00077
Низкий
6.5 Medium
CVSS3
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 6.5
github
больше 2 лет назад
The B2BKing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'b2bking_save_price_import' function in versions up to, and including, 4.6.00. This makes it possible for Authenticated attackers with subscriber or customer-level permissions to modify the pricing of any product on the site.
EPSS
Процентиль: 24%
0.00077
Низкий
6.5 Medium
CVSS3
Дефекты
NVD-CWE-noinfo