2 matches found
CVE-2023-4920 BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobesaveoptions function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged...
CVE-2023-4920
CVE-2023-4920 relates to the BEAR – Bulk Editor and Products Manager Professional for WooCommerce WordPress plugin. A CSRF flaw exists in versions up to and including 1.1.3.3 due to missing/incorrect nonce validation in woobe_save_options, enabling unauthenticated attackers to modify plugin setti...