CVE-2023-4941

The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobebulkoperationsswap function. This makes it possible for authenticated attackers subscriber or higher to manipulate products...

EUVD-2025-15024

Malicious code in bioql PyPI...

EUVD-2023-54777

Malicious code in bioql PyPI...

EUVD-2023-54779

Malicious code in bioql PyPI...

EUVD-2022-52518

Malicious code in bioql PyPI...

EUVD-2023-54774

Malicious code in bioql PyPI...

EUVD-2023-54776

Malicious code in bioql PyPI...

CVE-2023-4943

The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobebulkoperationsvisibility function. This makes it possible for authenticated attackers subscriber or higher to manipulate products...

CVE-2023-4938

The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobebulkoperationsapplydefaultcombination function. This makes it possible for authenticated attackers subscriber or higher to manipulate...

codechecker vulnerable to authentication bypass when using specifically crafted URLs

Summary Authentication bypass occurs when the API URL ends with Authentication, Configuration or ServerInfo. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints include the ability to add, edit, and remove products, among others. Details All...

CVE-2024-31442 Redon-Hub has incorrect permissions on all admin related commands

Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In all hubs before version 1.0.2, all commands are capable of being ran by all users, including admin commands. This allows users to receive products for free and delete/create/update products/tags/etc. The only non-affected command...

CVE-2023-4941

The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobebulkoperationsswap function. This makes it possible for authenticated attackers subscriber or higher to manipulate products...

CVE-2023-4941 BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation

The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobebulkoperationsswap function. This makes it possible for authenticated attackers subscriber or higher to manipulate products...

CVE-2023-4937 BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation

The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobebulkoperationsapplydefaultcombination function. This makes it possible for unauthenticated attackers to manipulate product...

CVE-2023-4940 BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation

The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobebulkoperationsswap function. This makes it possible for unauthenticated attackers to manipulate products via a forged...

CVE-2023-4943 BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation

The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobebulkoperationsvisibility function. This makes it possible for authenticated attackers subscriber or higher to manipulate products...

CVE-2023-4942 BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation

The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobebulkoperationsvisibility function. This makes it possible for unauthenticated attackers to manipulate products via a forge...

PT-2023-31211 · WordPress · Bear

Name of the Vulnerable Software and Affected Versions: The BEAR for WordPress versions up to, and including, 1.1.3.3 Description: The issue is due to a missing capability check on the woobe bulkoperations swap function, making it possible for authenticated attackers subscriber or higher to...

PT-2023-31205 · WordPress · Bear

Name of the Vulnerable Software and Affected Versions: The BEAR for WordPress versions up to, and including, 1.1.3.3 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the woobe bulkoperations swap function. This allows unauthenticated...

Authorization

The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobebulkoperationsapplydefaultcombination function. This makes it possible for authenticated attackers subscriber or higher to manipulate...