4 matches found
CVE-2023-4938
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobebulkoperationsapplydefaultcombination function. This makes it possible for authenticated attackers subscriber or higher to manipulate...
CVE-2023-4938 BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobebulkoperationsapplydefaultcombination function. This makes it possible for authenticated attackers subscriber or higher to manipulate...
CVE-2023-4938
CVE-2023-4938 concerns the BEAR – Bulk Editor and Products Manager Professional for WooCommerce plugin for WordPress. Affected versions are up to and including 1.1.3.3, due to a missing capability check in the function woobe_bulkoperations_apply_default_combination, enabling authenticated users w...
WordPress BEAR Plugin <= 1.1.3.3 is vulnerable to Broken Access Control
Software BEAR Type Plugin Vulnerable versions = 1.1.3.3 Fixed in 1.1.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-4938 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 611080b0d2da Credits Marco Wotschka Required privilege...