CVE-2026-28106
📋 TL;DR
This CVE describes an open redirect vulnerability in the B2BKing Premium WordPress plugin that allows attackers to redirect users to malicious websites. Attackers can craft URLs that appear legitimate but redirect to phishing sites, potentially stealing credentials or delivering malware. All WordPress sites using B2BKing Premium versions up to 5.3.80 are affected.
💻 Affected Systems
- B2BKing Premium WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Users are redirected to sophisticated phishing sites that steal login credentials, financial information, or install malware, leading to account compromise, data theft, and financial loss.
Likely Case
Attackers use the vulnerability in phishing campaigns to redirect users to fake login pages, harvesting credentials for WordPress admin accounts or customer accounts.
If Mitigated
With proper user education about checking URLs and browser security warnings, most users would avoid entering credentials on suspicious sites, limiting impact to failed phishing attempts.
🎯 Exploit Status
Open redirect vulnerabilities are commonly exploited in phishing campaigns. The Patchstack advisory includes technical details that could be used to create exploits.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.3.81 or later
Vendor Advisory: https://patchstack.com/database/wordpress/plugin/b2bking/vulnerability/wordpress-b2bking-premium-plugin-5-3-80-open-redirection-vulnerability?_s_id=cve
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find B2BKing Premium and click 'Update Now'. 4. Verify the plugin version is 5.3.81 or higher.
🔧 Temporary Workarounds
Disable B2BKing Premium Plugin
allTemporarily deactivate the vulnerable plugin until patched
wp plugin deactivate b2bking-premium
Web Application Firewall Rule
allBlock redirects to external domains from the plugin
Add WAF rule to block requests containing 'redirect' parameter with external domains
🧯 If You Can't Patch
- Implement strict URL validation at the web server level to block redirects to untrusted domains
- Deploy email/web filtering to detect and block phishing attempts leveraging this vulnerability
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > B2BKing Premium version. If version is 5.3.80 or lower, the site is vulnerable.Check Version:
wp plugin get b2bking-premium --field=versionVerify Fix Applied:
After updating, verify the plugin shows version 5.3.81 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- HTTP 302 redirect responses from B2BKing plugin endpoints to external domains
- Unusual number of redirects in web server logs with 'redirect' parameter
Network Indicators:
- Outbound connections to suspicious domains following B2BKing plugin requests
- Phishing emails containing URLs with the vulnerable plugin's endpoints
SIEM Query:
source="web_server_logs" AND (url="*b2bking*" AND url="*redirect=*" AND status=302)