Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-03-12
CVE-2024-31430 - Bear Woocommerce Bulk Editor And Products Manager Professional Plugin
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional, realmag777 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net.This issue affects WOLF – WordPress Posts Bulk Editor and Manager Professional: from n/a through 1.0.8.1; BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net: from n/a through 1.1.4.1.
PLUGIN
Bear Woocommerce Bulk Editor And Products Manager Professional
CVE-2024-31430
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-4926 - Bear Woocommerce Bulk Editor And Products Manager Professional Plugin
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulk_delete_products function. This makes it possible for unauthenticated attackers to delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
PLUGIN
Bear Woocommerce Bulk Editor And Products Manager Professional
CVE-2023-4926
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-4924 - Bear Woocommerce Bulk Editor And Products Manager Professional Plugin
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to missing capability checks on the woobe_bulkoperations_delete function. This makes it possible for authenticated attackers, with subscriber access or higher, to delete products.
PLUGIN
Bear Woocommerce Bulk Editor And Products Manager Professional
CVE-2023-4924
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-4923 - Bear Woocommerce Bulk Editor And Products Manager Professional Plugin
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_delete function. This makes it possible for unauthenticated attackers to delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
PLUGIN
Bear Woocommerce Bulk Editor And Products Manager Professional
CVE-2023-4923
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-4941 - Bear Woocommerce Bulk Editor And Products Manager Professional Plugin
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_swap function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.
PLUGIN
Bear Woocommerce Bulk Editor And Products Manager Professional
CVE-2023-4941
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-4943 - Bear Woocommerce Bulk Editor And Products Manager Professional Plugin
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_visibility function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.
PLUGIN
Bear Woocommerce Bulk Editor And Products Manager Professional
CVE-2023-4943
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-4942 - Bear Woocommerce Bulk Editor And Products Manager Professional Plugin
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_visibility function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
PLUGIN
Bear Woocommerce Bulk Editor And Products Manager Professional
CVE-2023-4942
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-4940 - Bear Woocommerce Bulk Editor And Products Manager Professional Plugin
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_swap function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
PLUGIN
Bear Woocommerce Bulk Editor And Products Manager Professional
CVE-2023-4940
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-4937 - Bear Woocommerce Bulk Editor And Products Manager Professional Plugin
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_apply_default_combination function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
PLUGIN
Bear Woocommerce Bulk Editor And Products Manager Professional
CVE-2023-4937
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-4935 - Bear Woocommerce Bulk Editor And Products Manager Professional Plugin
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the create_profile function. This makes it possible for unauthenticated attackers to create profiles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
PLUGIN
Bear Woocommerce Bulk Editor And Products Manager Professional
CVE-2023-4935
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-4920 - Bear Woocommerce Bulk Editor And Products Manager Professional Plugin
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_save_options function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Additionally, input sanitization and escaping is insufficient resulting in the possibility of malicious script injection.
PLUGIN
Bear Woocommerce Bulk Editor And Products Manager Professional
CVE-2023-4920
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-4938 - Bear Woocommerce Bulk Editor And Products Manager Professional Plugin
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_apply_default_combination function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.
PLUGIN
Bear Woocommerce Bulk Editor And Products Manager Professional
CVE-2023-4938
Risk Score