CVE-2023-3126: 
WordPress vulnerability analysis and mitigation

The B2BKing plugin for WordPress (14,000+ installs) was found to contain an unauthorized access vulnerability (CVE-2023-3126) in versions up to and including 4.6.00. The vulnerability stems from a missing capability check on the 'b2bkingdownloadpricelist' function, which allows authenticated attackers with subscriber or customer-level permissions to retrieve the full pricing list of all products on the site (NVD, NinTechNet).

The vulnerability exists in the 'b2bking/includes/class-b2bking.php' script, where the 'b2bkingdownloadpricelist' function is accessible via WordPress AJAX API. The function only verifies the b2bkingsecuritynonce nonce but lacks proper capability checks to restrict access. The nonce is exposed in the page source of the WordPress dashboard as it's loaded via the adminenqueuescripts hook. The CVSS v3.1 score is 4.3 (Medium) with vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N (NinTechNet, Wordfence).

The vulnerability allows authenticated attackers with subscriber or customer-level permissions to download a CSV file containing the complete pricing information for all WooCommerce products on the site. Furthermore, attackers can modify this file and reupload it through the 'b2bkingsaveprice_import' function, which also lacks proper access controls, potentially allowing unauthorized price modifications (NinTechNet).

The vulnerability was fixed in version 4.6.20 of the B2BKing plugin. Site administrators are strongly recommended to update to this version or later immediately. Users of NinjaFirewall WP Edition (free) and NinjaFirewall WP+ Edition (premium) are protected against this vulnerability (NinTechNet, B2BKing Changelog).