Missing Authorization Flaw in B2BKing Plugin by Kings Plugins
CVE-2026-27346
4.9MEDIUM
What is CVE-2026-27346?
A missing authorization vulnerability exists within the B2BKing plugin developed by Kings Plugins. This flaw allows attackers to exploit incorrectly configured access controls, potentially gaining unauthorized access to sensitive functionalities. The issue impacts all versions before 5.2.10, underscoring the need for immediate updates to ensure proper security measures are in place.
Affected Version(s)
B2BKing < 5.2.10
References
CVSS V3.1
Score:
4.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Phat RiO - BlueRock | Patchstack Bug Bounty Program