2 matches found
CVE-2023-4923 BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Deletion
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobebulkoperationsdelete function. This makes it possible for unauthenticated attackers to delete products via a forged reques...
CVE-2023-4923
The BEAR for WordPress plugin (WooCommerce Bulk Editor by PluginUS.Net) is affected by CVE-2023-4923: Cross-Site Request Forgery to delete a product via the woobe_bulkoperations_delete function. Version range vulnerable: up to and including 1.1.3.3. The issue arises from missing/incorrect nonce v...