CVE-2026-45213 WordPress BEAR plugin <= 1.1.7.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 BEAR woo-bulk-editor allows Blind SQL Injection. This issue affects BEAR: from n/a through <= 1.1.7.1...
CVE-2026-27415 WordPress BEAR plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in PluginUs.Net BEAR allows Cross Site Request Forgery. This issue affects BEAR: from n/a through 1.1.5...
CVE-2026-27415
The CVE-2026-27415 entry documents a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress BEAR plugin, affecting BEAR versions from n/a up to 1.1.5. The issue is described as CSRF in PluginUs.Net BEAR. The provided metrics indicate a CVSS v3.1 base score of 4.3 (Medium) with attack ve...
WordPress BEAR plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by benzdeus in WordPress Plugin BEAR versions <= 1.1.5...
WordPress BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin <= 1.1.5 - Cross-Site Request Forgery to Taxonomy Term Deletion vulnerability
WordPress BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin <= 1.1.5 - Cross-Site Request Forgery to Taxonomy Term Deletion vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin BEAR versions <= 1.1.5...
WordPress BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin <= 1.1.5 - Cross-Site Request Forgery to Product Data Modification vulnerability
WordPress BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin <= 1.1.5 - Cross-Site Request Forgery to Product Data Modification vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin BEAR versions <= 1.1.5...
CVE-2023-4938
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobebulkoperationsapplydefaultcombination function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate...
CVE-2025-26775 WordPress BEAR Plugin <= 1.1.4.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 BEAR woo-bulk-editor allows Stored XSS. This issue affects BEAR: from n/a through <= 1.1.4.4...
WordPress BEAR plugin <= 1.1.4.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das in WordPress Plugin BEAR versions <= 1.1.4.1...
WordPress BEAR Plugin <= 1.1.4.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: BEAR; Type: Plugin; Vulnerable versions: <= 1.1.4.1; Fixed in: 1.1.4.2; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-31430; Patch priority: Low; CVSS severity: Low (4.3); PSID: 4956c1908b33; Credits: Dhabaleshwar Das; Required...
WordPress BEAR Plugin <= 1.1.4.2 is vulnerable to Cross Site Scripting (XSS)
Software: BEAR; Type: Plugin; Vulnerable versions: <= 1.1.4.2; Fixed in: 1.1.4.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-30200; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 2c6d05b2fb54; Credits: Rafie Muhammad (Patchstack); Required...
CVE-2024-24834 WordPress BEAR Plugin <= 1.1.4 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net allows Stored XSS. This issue affects BEAR – Bulk Editor and Products Manager Professional for...
WordPress BEAR Plugin <= 1.1.4 is vulnerable to Broken Access Control
Software: BEAR; Type: Plugin; Vulnerable versions: <= 1.1.4; Fixed in: 1.1.4.1; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-24835; Patch priority: Low; CVSS severity: Low (4.3); PSID: 5d569bb55eee; Credits: Mika; Required privilege: Subscriber...
CVE-2023-4935 BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Profile Creation
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the createprofile function. This makes it possible for unauthenticated attackers to create profiles via a forged request granted th...
CVE-2023-4943 BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobebulkoperationsvisibility function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products...
PT-2023-31211 · WordPress · Bear
Name of the Vulnerable Software and Affected Versions: The BEAR for WordPress versions up to, and including, 1.1.3.3. Description: The issue is due to a missing capability check on the woobe bulkoperations swap function, making it possible for authenticated attackers (subscriber or higher) to...
WordPress Plugin BEAR Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2023-31216 · WordPress · Bear
Name of the Vulnerable Software and Affected Versions: The BEAR for WordPress versions up to, and including, 1.1.3.3. Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the woobe bulkoperations visibility function. This allows...