18 matches found
CVE-2024-30463
Technical details about CVE-2024-30463 (BEAR missing authorization) are not provided in the supplied documents. No product version, attack vector, impact, or fix is confirmed here. Monitor official advisories for updates and remediation guidance.
CVE-2024-30200
The CVE-2024-30200 entry describes a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress BEAR plugin (BEAR – Bulk Editor and Products Manager) by Pluginus.Net, affecting versions up to and including 1.1.4.2. The issue arises from insufficient input sanitization and output escaping...
CVE-2024-31430
CSRF vulnerability (CVE-2024-31430) exists in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional and BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net . Affected range per Red Hat entry: WOLF up to 1.0.8.1 and BEAR up to 1.1.4.1. This issue i...
CVE-2025-26775
CVE-2025-26775 concerns the BEAR WordPress plugin (BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net). The connected data confirms an authenticated (Administrator+) Stored Cross-Site Scripting (XSS) vulnerability in BEAR versions up to 1.1.4.4, triggered during ...
CVE-2024-24835
CVE-2024-24835 affects BEAR (WordPress BEAR plugin) up to version 1.1.4, with a Missing Authorization vulnerability due to insufficient permission checks in several functions. The issue allows authenticated users with subscriber-level access or higher to perform unauthorized actions on BEAR. The ...
CVE-2023-4938
CVE-2023-4938 concerns the BEAR – Bulk Editor and Products Manager Professional for WooCommerce plugin for WordPress. Affected versions are up to and including 1.1.3.3, due to a missing capability check in the function woobe_bulkoperations_apply_default_combination, enabling authenticated users w...
CVE-2023-4924
CVE-2023-4924 affects BEAR – Bulk Editor and Products Manager Pro for WooCommerce (Pluginus.Net). Versions up to 1.1.3.3 are vulnerable due to missing capability checks in woobe_bulkoperations_delete, enabling authenticated users with subscriber access or higher to delete products. Red Hat/NVD/Wo...
CVE-2023-4941
CVE-2023-4941 concerns BEAR – Bulk Editor and Products Manager for WooCommerce (WordPress plugin) up to version 1.1.3.3. The Red Hat/NVD/Wordfence entries describe a Missing Authorization flaw caused by a missing capability check in the woobe_bulkoperations_swap function, enabling authenticated u...
CVE-2023-4923
The BEAR for WordPress plugin (WooCommerce Bulk Editor by PluginUS.Net) is affected by CVE-2023-4923: Cross-Site Request Forgery to delete a product via the woobe_bulkoperations_delete function. Version range vulnerable: up to and including 1.1.3.3. The issue arises from missing/incorrect nonce v...
CVE-2023-4926
CVE-2023-4926 – BEAR for WordPress CSRF to Product Deletion : The BEAR plugin for WooCommerce (Pluginus.Net) is affected by a Cross-Site Request Forgery flaw in versions up to 1.1.3.3, caused by missing or incorrect nonce validation in the woobe_bulk_delete_products function. This can allow an un...
CVE-2024-24834
CVE-2024-24834 affects BEAR – Bulk Editor and Products Manager Professional for WooCommerce (Pluginus.Net) up to version 1.1.4. Root cause: improper input neutralization during web page generation, resulting in Stored XSS. Public data from Patchstack and CVE records indicate the vulnerability exi...
CVE-2023-4935
CVE-2023-4935 (BEAR – Bulk Editor and Products Manager Professional for WooCommerce) : The BEAR WordPress plugin is vulnerable to Cross-Site Request Forgery up to version 1.1.3.3 due to missing/incorrect nonce validation in the create_profile function, allowing unauthenticated attackers to create...
CVE-2023-4942
CVE-2023-4942 (BEAR – Bulk Editor and Products Manager for WooCommerce) is a CSRF vulnerability in BEAR for WordPress up to version 1.1.3.3, caused by missing or incorrect nonce validation in the woobe_bulkoperations_visibility function. This allows unauthenticated attackers to manipulate product...
CVE-2023-4920
CVE-2023-4920 relates to the BEAR – Bulk Editor and Products Manager Professional for WooCommerce WordPress plugin. A CSRF flaw exists in versions up to and including 1.1.3.3 due to missing/incorrect nonce validation in woobe_save_options, enabling unauthenticated attackers to modify plugin setti...
CVE-2023-4943
CVE-2023-4943 : BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net is affected by Missing Authorization to Product Manipulation up to version 1.1.3.3 due to a missing capability check in woobe_bulkoperations_visibility. The vulnerability allows authenticated user...
CVE-2023-33314
CVE-2023-33314 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress BEAR plugin (realmag777) version(s) <= 1.1.3.1. The linked PatchStack entry identifies the vulnerable product and versions and notes a fixed release in 1.1.3.2. Other connected documents corroborate the...
CVE-2023-4937
CVE-2023-4937 relates to BEAR – Bulk Editor and Products Manager Professional for WooCommerce (WordPress plugin). The Red Hat entry mirrors the vulnerability: CSRF in BEAR up to version 1.1.3.3 caused by missing or incorrect nonce validation in the function woobe_bulkoperations_apply_default_comb...
CVE-2023-4940
CVE-2023-4940 : BEAR for WordPress (WooCommerce) is affected by CSRF up to version 1.1.3.3 due to missing/incorrect nonce validation in the woobe_bulkoperations_swap function. This allows unauthenticated attackers to manipulate products if a site admin is tricked into performing an action (e.g., ...