Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 13 | Critical: 0 | High: 0 | Medium: 13

Showing 1-13 of 13 records

Threat Entry Updated 2026-04-08

CVE-2026-1673 - Woo Bulk Editor Plugin

The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the woobe_delete_tax_term() function. This makes it possible for unauthenticated attackers to delete WooCommerce taxonomy terms (categories, tags, etc.) via a forged request granted they can trick a site administrator or shop manager into performing an action such as clicking on a link.

PLUGIN Woo Bulk Editor

CVE-2026-1673

MEDIUM CVSS 4.3 2026-04-08

Threat Entry Updated 2026-04-08

CVE-2026-1672 - Woo Bulk Editor Plugin

The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the woobe_redraw_table_row() function. This makes it possible for unauthenticated attackers to update WooCommerce product data including prices, descriptions, and other product fields via a forged request granted they can trick a site administrator or shop manager into performing an action such as clicking on a link.

PLUGIN Woo Bulk Editor

CVE-2026-1672

MEDIUM CVSS 6.5 2026-04-08

Threat Entry Updated 2024-11-21

CVE-2023-4926 - Woo Bulk Editor Plugin

The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulk_delete_products function. This makes it possible for unauthenticated attackers to delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Woo Bulk Editor

CVE-2023-4926

MEDIUM CVSS 5.4 2023-10-20

Threat Entry Updated 2024-11-21

CVE-2023-4924 - Woo Bulk Editor Plugin

The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to missing capability checks on the woobe_bulkoperations_delete function. This makes it possible for authenticated attackers, with subscriber access or higher, to delete products.

PLUGIN Woo Bulk Editor

CVE-2023-4924

MEDIUM CVSS 5.4 2023-10-20

Threat Entry Updated 2024-11-21

CVE-2023-4923 - Woo Bulk Editor Plugin

The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_delete function. This makes it possible for unauthenticated attackers to delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Woo Bulk Editor

CVE-2023-4923

MEDIUM CVSS 5.4 2023-10-20

Threat Entry Updated 2024-11-21

CVE-2023-4941 - Woo Bulk Editor Plugin

The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_swap function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.

PLUGIN Woo Bulk Editor

CVE-2023-4941

MEDIUM CVSS 4.3 2023-10-20

Threat Entry Updated 2024-11-21

CVE-2023-4943 - Woo Bulk Editor Plugin

The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_visibility function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.

PLUGIN Woo Bulk Editor

CVE-2023-4943

MEDIUM CVSS 4.3 2023-10-20

Threat Entry Updated 2024-11-21

CVE-2023-4942 - Woo Bulk Editor Plugin

The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_visibility function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Woo Bulk Editor

CVE-2023-4942

MEDIUM CVSS 4.3 2023-10-20

Threat Entry Updated 2024-11-21

CVE-2023-4940 - Woo Bulk Editor Plugin

The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_swap function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Woo Bulk Editor

CVE-2023-4940

MEDIUM CVSS 4.3 2023-10-20

Threat Entry Updated 2024-11-21

CVE-2023-4937 - Woo Bulk Editor Plugin

The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_apply_default_combination function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Woo Bulk Editor

CVE-2023-4937

MEDIUM CVSS 4.3 2023-10-20

Threat Entry Updated 2024-11-21

CVE-2023-4935 - Woo Bulk Editor Plugin

The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the create_profile function. This makes it possible for unauthenticated attackers to create profiles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Woo Bulk Editor

CVE-2023-4935

MEDIUM CVSS 4.3 2023-10-20

Threat Entry Updated 2024-11-21

CVE-2023-4920 - Woo Bulk Editor Plugin

The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_save_options function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Additionally, input sanitization and escaping are insufficient, resulting in the possibility of malicious script injection.

PLUGIN Woo Bulk Editor

CVE-2023-4920

MEDIUM CVSS 4.3 2023-10-20

Threat Entry Updated 2024-11-21

CVE-2023-4938 - Woo Bulk Editor Plugin

The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_apply_default_combination function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.

PLUGIN Woo Bulk Editor

CVE-2023-4938

MEDIUM CVSS 4.3 2023-10-18