Description
The WordPress plugin "B2BKing - Ultimate WooCommerce Wholesale and B2B Solution - Wholesale Order Form, Catalog Mode, Dynamic Pricing & More" is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently change the price of any product. Version 4.6.00 of the plugin is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 4.6.20 or the latest version.