2 matches found
CVE-2023-4937 BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobebulkoperationsapplydefaultcombination function. This makes it possible for unauthenticated attackers to manipulate product...
CVE-2023-4937
CVE-2023-4937 relates to BEAR – Bulk Editor and Products Manager Professional for WooCommerce (WordPress plugin). The Red Hat entry mirrors the vulnerability: CSRF in BEAR up to version 1.1.3.3 caused by missing or incorrect nonce validation in the function woobe_bulkoperations_apply_default_comb...