CVE-2025-6718 B1.lt for WooCommerce <= 2.2.57 - Missing Authorization to Authenticated (Subscriber+) Arbitrary SQL Injection
The B1.lt plugin for WordPress is vulnerable to SQL Injection due to a missing capability check on the b1runquery AJAX action in all versions up to, and including, 2.2.57. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute and run arbitrary SQL...