Filtered by vendor Webwizards Subscriptions
Filtered by product B2bking Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-3125 1 Webwizards 1 B2bking 2024-12-21 6.5 Medium
The B2BKing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'b2bking_save_price_import' function in versions up to, and including, 4.6.00. This makes it possible for Authenticated attackers with subscriber or customer-level permissions to modify the pricing of any product on the site.
CVE-2023-3126 1 Webwizards 1 B2bking 2024-12-21 4.3 Medium
The B2BKing plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'b2bkingdownloadpricelist' function in versions up to, and including, 4.6.00. This makes it possible for Authenticated attackers with subscriber or customer-level permissions to retrieve the full pricing list of all products on the site.