cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-3126,https://securityvulnerability.io/vulnerability/CVE-2023-3126,Unauthorized Data Access in B2BKing Plugin for WordPress,"The B2BKing plugin for WordPress has a serious vulnerability due to a lack of capability checks in the 'b2bkingdownloadpricelist' function. This flaw allows authenticated attackers, who possess only subscriber or customer-level permissions, to access sensitive data, specifically the comprehensive pricing list of all products available on the site. This unintended exposure of product pricing can lead to further exploitation and data breaches.",Wordpress,B2BKing — Ultimate WooCommerce Wholesale and B2B Solution,4.3,MEDIUM,0.0008900000248104334,false,,false,false,false,,false,false,2023-06-07T02:15:00.000Z,0
CVE-2023-3125,https://securityvulnerability.io/vulnerability/CVE-2023-3125,Unauthorized Data Modification in B2BKing Plugin for WordPress,"The B2BKing plugin for WordPress suffers from a vulnerability that allows unauthorized data modification due to a lack of necessary capability checks on the 'b2bking_save_price_import' function. This flaw enables authenticated attackers with minimal permissions, such as subscriber or customer levels, to alter the pricing configurations of any product on the site. Users are strongly advised to update to the latest version to mitigate this security risk.",Wordpress,B2BKing — Ultimate WooCommerce Wholesale and B2B Solution,6.5,MEDIUM,0.0008900000248104334,false,,false,false,false,,false,false,2023-06-07T02:15:00.000Z,0