Open Redirect Vulnerability in B2BKing Premium by Kings Plugins
CVE-2026-28106

4.7MEDIUM

Key Information:

Vendor: WordPress
Status: B2bking Premium
Vendor: CVE Published:; 6 March 2026

What is CVE-2026-28106?

An open redirect vulnerability in B2BKing Premium by Kings Plugins allows attackers to redirect users to untrusted sites, potentially facilitating phishing attempts. This vulnerability affects versions up to 5.3.80 and can be exploited to divert users from legitimate requests, putting their sensitive information at risk.

Affected Version(s)

B2BKing Premium < 5.4.20

References

https://patchstack.com/database/wordpress/plugin/b2bking/...

vdb-entry

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 6, 2026
Vulnerability Reserved
Feb 25, 2026

Credit

0xd4rk5id3 | Patchstack Bug Bounty Program

CVE-2026-28106 Data

JSON