BEAR Security Vulnerabilities
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/BackupSchedule, description field. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session...
4.8CVSS
6AI Score
0.0004EPSS
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/BackupTemplate, name / description fields. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session...
4.8CVSS
6AI Score
0.0004EPSS
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/AdvancedSystem, description field, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session...
4.8CVSS
6AI Score
0.0004EPSS
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/CloudAccounts, account name / user password / server fields, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and...
4.8CVSS
6.2AI Score
0.0004EPSS
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/DeviceReplication, execution range field, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session...
4.8CVSS
6.1AI Score
0.0004EPSS
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/SystemConfiguration, name / free memory limit fields , type / password parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim...
4.8CVSS
6.3AI Score
0.0004EPSS
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/SystemUsers, login / description fields, passwd1/ passwd2 parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal...
4.8CVSS
6AI Score
0.0004EPSS
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through S3 disks (/admin/DeviceS3). Exploitation of this vulnerability could allow a remote user to execute arbitrary...
6.6CVSS
7.9AI Score
0.0004EPSS
Uncontrolled resource consumption vulnerability in White Bear Solutions WBSAirback, version 21.02.04. This vulnerability could allow an attacker to send multiple command injection payloads to influence the amount of resources...
6.5CVSS
7.6AI Score
0.0004EPSS
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through License (/admin/CDPUsers). Exploitation of this vulnerability could allow a remote user to execute arbitrary...
6.6CVSS
7.9AI Score
0.0004EPSS
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through Device Synchronizations (/admin/DeviceReplication). Exploitation of this vulnerability could allow a remote user to execute arbitrary...
6.6CVSS
8.1AI Score
0.0004EPSS
Command injection vulnerability in the operating system. Improper neutralisation of special elements in Active Directory integration allows the intended command to be modified when sent to a downstream component in WBSAirback...
9.1CVSS
7.8AI Score
0.0004EPSS
The Backup Agents section in WBSAirback 21.02.04 is affected by a Path Traversal vulnerability, allowing a user with low privileges to download files from the...
7.7CVSS
7.2AI Score
0.0004EPSS
Cross-Site Request Forgery vulnerability in WBSAirback 21.02.04, which could allow an attacker to create a manipulated HTML form to perform privileged actions once it is executed by a privileged...
8.8CVSS
7.1AI Score
0.0004EPSS
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through Device NAS shared section (/admin/DeviceNAS). Exploitation of this vulnerability could allow a remote user to execute arbitrary...
6.6CVSS
8.1AI Score
0.0004EPSS
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through S3 Accounts (/admin/CloudAccounts). Exploitation of this vulnerability could allow a remote user to execute arbitrary...
6.6CVSS
8.1AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional, realmag777 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net.This issue affects WOLF – WordPress Posts Bulk Editor and Manager Professional:....
4.3CVSS
7.5AI Score
0.0004EPSS
Missing Authorization vulnerability in realmag777 BEAR.This issue affects BEAR: from n/a through...
4.3CVSS
7.4AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 BEAR allows Reflected XSS.This issue affects BEAR: from n/a through...
7.1CVSS
7.4AI Score
0.0004EPSS
Missing Authorization vulnerability in realmag777 BEAR.This issue affects BEAR: from n/a through...
4.3CVSS
7.2AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net allows Stored XSS.This issue affects BEAR – Bulk Editor and Products Manager Professional for...
4.8CVSS
7.2AI Score
0.0004EPSS
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to missing capability checks on the woobe_bulkoperations_delete function. This makes it possible for authenticated attackers, with subscriber access or higher, to delete...
4.3CVSS
8.1AI Score
0.001EPSS
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_swap function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate...
4.3CVSS
8AI Score
0.001EPSS
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulk_delete_products function. This makes it possible for unauthenticated attackers to delete products via a forged...
4.3CVSS
7.9AI Score
0.001EPSS
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_delete function. This makes it possible for unauthenticated attackers to delete products via a forged...
4.3CVSS
7.9AI Score
0.001EPSS
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_visibility function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate...
4.3CVSS
8AI Score
0.001EPSS
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_swap function. This makes it possible for unauthenticated attackers to manipulate products via a forged...
4.3CVSS
7.9AI Score
0.001EPSS
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_visibility function. This makes it possible for unauthenticated attackers to manipulate products via a...
4.3CVSS
7.9AI Score
0.001EPSS
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_apply_default_combination function. This makes it possible for unauthenticated attackers to manipulate...
4.3CVSS
7.9AI Score
0.001EPSS
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the create_profile function. This makes it possible for unauthenticated attackers to create profiles via a forged request granted...
4.3CVSS
8.1AI Score
0.001EPSS
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_save_options function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged...
8.8CVSS
8.3AI Score
0.001EPSS
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_apply_default_combination function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate....
4.3CVSS
8AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 BEAR plugin <= 1.1.3.1...
8.8CVSS
8.8AI Score
0.001EPSS