CVE-2022-34344: 
WordPress vulnerability analysis and mitigation

CVE-2022-34344 is a Missing Authorization vulnerability affecting Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More plugin versions through 2.1.5. The vulnerability was discovered and reported by Dave Jong from Patchstack on October 16, 2022, and was publicly disclosed on February 27, 2023 (Patchstack Advisory).

The vulnerability is classified as a Broken Access Control issue, which stems from missing authorization checks in the plugin's functionality. It received a CVSS v3.1 base score of 8.8 (HIGH) from NIST with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, while Patchstack assigned it a CVSS score of 5.4 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L (NVD).

The vulnerability could allow an unprivileged user to execute certain higher privileged actions within the plugin's functionality. The impact includes potential unauthorized changes to plugin settings, though specific details about the extent of possible modifications are not publicly disclosed (Patchstack Advisory).

The vulnerability has been fixed in version 2.1.5.1 of the Wholesale Suite plugin. Users are advised to update to this version or later to resolve the security issue. Additionally, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to the fixed version (Patchstack Advisory).