CVE-2023-4924

The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to missing capability checks on the woobebulkoperationsdelete function. This makes it possible for authenticated attackers, with subscriber access or higher, to delete products...

CVE-2023-4924

The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to missing capability checks on the woobebulkoperationsdelete function. This makes it possible for authenticated attackers, with subscriber access or higher, to delete products...

Authorization

The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to missing capability checks on the woobebulkoperationsdelete function. This makes it possible for authenticated attackers, with subscriber access or higher, to delete products...

CVE-2023-4924 BEAR <= 1.1.3.3 - Missing Authorization to Product Deletion

The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to missing capability checks on the woobebulkoperationsdelete function. This makes it possible for authenticated attackers, with subscriber access or higher, to delete products...

CVE-2023-4923

The BEAR for WordPress plugin (WooCommerce Bulk Editor by PluginUS.Net) is affected by CVE-2023-4923: Cross-Site Request Forgery to delete a product via the woobe_bulkoperations_delete function. Version range vulnerable: up to and including 1.1.3.3. The issue arises from missing/incorrect nonce v...

WordPress Plugin BEAR Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...