Lucene search
PRIOn knowledge basePRION:CVE-2023-4938HistoryOct 18, 2023 - 8:15 a.m.
Authorization
2023-10-1808:15:00
PRIOn knowledge base
www.prio-n.com
5
bear plugin
wordpress
missing authorization
vulnerability
capability check
authenticated attackers
product manipulation
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_apply_default_combination function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.
| CPE | Name | Operator | Version |
|---|---|---|---|
| bear_-_woocommerce_bulk_editor_and_products_manager_professional | le | 1.1.3.3 |
References
plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php
plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php
www.wordfence.com/threat-intel/vulnerabilities/id/c42f56a2-b9f9-40ef-86ad-fea6cf2e29f8?source=cve
Related
wpvulndb
wpvulndb
BEAR for WordPress < 1.1.4 - Arbitrary Settings Update via CSRF
2023-10-20 00:00:00
cve
cve
CVE-2023-4938
2023-10-18 08:15:08
cvelist
cvelist
CVE-2023-4938
2023-10-18 07:31:17
nvd
nvd
CVE-2023-4938
2023-10-18 08:15:08
wordfence
wordfence