Description
WordPress Plugin B2BKing-Ultimate WooCommerce Wholesale and B2B Solution-Wholesale Order Form, Catalog Mode, Dynamic Pricing & More is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently change the price of any product. Version 4.6.00 of the plugin is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 4.6.20 or the latest version.