2 matches found
CVE-2023-3126
The CVE-2023-3126 entry concerns the WordPress plugin B2BKing . A missing capability check in the function b2bkingdownloadpricelist (affected versions: up to and including 4.6.00) allows authenticated users with subscriber/customer-level permissions to retrieve the site’s full product pricing lis...
WordPress B2BKing Plugin <= 4.6.00 is vulnerable to Broken Access Control
Software B2BKing Type Plugin Vulnerable versions = 4.6.00 Fixed in 4.6.20 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-3126 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID e0410908e411 Credits Jerome Bruandet Required...