Privilege Escalation in Wholesale Suite by Josh Kohlbach
CVE-2025-49924

7.3HIGH

Key Information:

Vendor: WordPress
Status: Wholesale Suite
Vendor: CVE Published:; 22 October 2025

What is CVE-2025-49924?

A privilege escalation vulnerability exists in the Wholesale Suite by Josh Kohlbach, specifically in the WooCommerce Wholesale Prices plugin. This issue enables unauthorized users to gain elevated privileges, potentially compromising the integrity of the application. Systems running versions up to and including 2.2.4.2 are particularly at risk. It is crucial for users to update to secure versions promptly to mitigate potential threats.

Affected Version(s)

Wholesale Suite <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/wooc...

vdb-entry

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 22, 2025
Vulnerability Reserved
Jun 11, 2025

Credit

Phat RiO - BlueRock (Patchstack Alliance)

JSON