7 matches found
CVE-2024-30463
Technical details about CVE-2024-30463 (BEAR missing authorization) are not provided in the supplied documents. No product version, attack vector, impact, or fix is confirmed here. Monitor official advisories for updates and remediation guidance.
CVE-2024-30200
The CVE-2024-30200 entry describes a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress BEAR plugin (BEAR – Bulk Editor and Products Manager) by Pluginus.Net, affecting versions up to and including 1.1.4.2. The issue arises from insufficient input sanitization and output escaping...
CVE-2024-31430
CSRF vulnerability (CVE-2024-31430) exists in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional and BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net . Affected range per Red Hat entry: WOLF up to 1.0.8.1 and BEAR up to 1.1.4.1. This issue i...
CVE-2025-26775
CVE-2025-26775 concerns the BEAR WordPress plugin (BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net). The connected data confirms an authenticated (Administrator+) Stored Cross-Site Scripting (XSS) vulnerability in BEAR versions up to 1.1.4.4, triggered during ...
CVE-2024-24835
CVE-2024-24835 affects BEAR (WordPress BEAR plugin) up to version 1.1.4, with a Missing Authorization vulnerability due to insufficient permission checks in several functions. The issue allows authenticated users with subscriber-level access or higher to perform unauthorized actions on BEAR. The ...
CVE-2024-24834
CVE-2024-24834 affects BEAR – Bulk Editor and Products Manager Professional for WooCommerce (Pluginus.Net) up to version 1.1.4. Root cause: improper input neutralization during web page generation, resulting in Stored XSS. Public data from Patchstack and CVE records indicate the vulnerability exi...
CVE-2023-33314
CVE-2023-33314 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress BEAR plugin (realmag777) version(s) <= 1.1.3.1. The linked PatchStack entry identifies the vulnerable product and versions and notes a fixed release in 1.1.3.2. Other connected documents corroborate the...