BEAR < 1.1.3.2 - Cross-Site Request Forgery (CSRF)

2023-05-2200:00:00

wpscan.com

bear plugin

csrf

vulnerability

unauthenticated attacker

crafted request

software

0.001 Low

EPSS

Percentile

27.7%

JSON

The plugin does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in user to submit a crafted request.

CPENameOperatorVersion
woo-bulk-editorlt1.1.3.2

CPE	Name	Operator	Version
	woo-bulk-editor	lt	1.1.3.2

References

patchstack.com/database/vulnerability/woo-bulk-editor/wordpress-bear-plugin-1-1-3-1-cross-site-request-forgery-csrf-vulnerability

www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woo-bulk-editor/bear-1131-cross-site-request-forgery-via-multiple-functions

0.001 Low

EPSS

Percentile

27.7%

JSON

Related for WPVDB-ID:06A4F240-52D7-4A61-B781-86328CFBE619