cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-31430,https://securityvulnerability.io/vulnerability/CVE-2024-31430,Cross-Site Request Forgery (CSRF) vulnerability in realmag777 BEAR and WOLF WordPress plugins,"Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional, realmag777 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net. This issue affects WOLF – WordPress Posts Bulk Editor and Manager Professional: from n/a through 1.0.8.1; BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net: from n/a through 1.1.4.1.",Wordpress,"Wolf – WordPress Posts Bulk Editor And Manager Professional,Bear – Bulk Editor And Products Manager Professional For WooCommerce By Pluginus.net",4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-10T19:10:01.565Z,0
CVE-2023-4923,https://securityvulnerability.io/vulnerability/CVE-2023-4923,Cross-Site Request Forgery in BEAR for WordPress by BEAR Technologies,"The BEAR for WordPress plugin is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability due to inadequate nonce validation in the woobe_bulkoperations_delete function. This flaw enables malicious actors to delete products without authentication by tricking a site administrator into clicking on a maliciously crafted link. The issue is present in versions up to and including 1.1.3.3, allowing for potential exploitation and product loss if not addressed promptly.",Wordpress,BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net,4.3,MEDIUM,0.0006500000017695129,false,,false,false,false,,false,false,2023-10-20T08:15:00.000Z,0
CVE-2023-4926,https://securityvulnerability.io/vulnerability/CVE-2023-4926,Cross-Site Request Forgery in BEAR for WordPress Affects Unauthenticated Users,"The BEAR plugin for WordPress is affected by a Cross-Site Request Forgery (CSRF) vulnerability due to insufficient nonce validation in the woobe_bulk_delete_products function. This flaw could allow unauthenticated attackers to exploit the vulnerability by tricking site administrators into executing forged requests. As a result, attackers may delete products from the site without proper authorization, posing a significant risk to site integrity and content management.",Wordpress,BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net,4.3,MEDIUM,0.0006500000017695129,false,,false,false,false,,false,false,2023-10-20T08:15:00.000Z,0
CVE-2023-4941,https://securityvulnerability.io/vulnerability/CVE-2023-4941,Missing Authorization in BEAR for WordPress Affects Product Manipulation,"The BEAR for WordPress plugin is susceptible to a security flaw due to a missing capability check in the woobe_bulkoperations_swap function. This vulnerability permits authenticated users with subscriber level access or higher to execute unauthorized actions, specifically enabling them to manipulate product data. This lack of authorization controls could lead to unauthorized changes in product information, potentially compromising the integrity of an online store.",Wordpress,BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net,4.3,MEDIUM,0.0007200000109151006,false,,false,false,false,,false,false,2023-10-20T08:15:00.000Z,0
CVE-2023-4924,https://securityvulnerability.io/vulnerability/CVE-2023-4924,Missing Authorization Vulnerability in BEAR Plugin for WordPress,"The BEAR for WordPress, specifically versions up to 1.1.3.3, is exposed to a Missing Authorization vulnerability due to inadequate capability checks within the woobe_bulkoperations_delete function. This weakness allows authenticated attackers with subscriber-level permissions or higher to delete products without proper authorization, thereby posing a substantial risk to the integrity of the product data.",Wordpress,BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net,4.3,MEDIUM,0.0006699999794363976,false,,false,false,false,,false,false,2023-10-20T08:15:00.000Z,0
CVE-2023-4943,https://securityvulnerability.io/vulnerability/CVE-2023-4943,Authorization Flaw in BEAR for WordPress Affects Product Manipulation,"The BEAR for WordPress plugin is affected by a missing capability check in the woobe_bulkoperations_visibility function, allowing authenticated users with subscriber or higher roles to bypass authorization controls. This vulnerability can lead to unauthorized manipulation of product listings within the plugin, posing significant risks to website integrity and user trust.",Wordpress,BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net,4.3,MEDIUM,0.0007200000109151006,false,,false,false,false,,false,false,2023-10-20T07:15:00.000Z,0
CVE-2023-4920,https://securityvulnerability.io/vulnerability/CVE-2023-4920,Cross-Site Request Forgery Vulnerability in BEAR for WordPress Plugin,"The BEAR for WordPress plugin is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability due to inadequate nonce validation in the woobe_save_options function. This flaw allows unauthenticated attackers to manipulate the plugin's settings by tricking site administrators into executing unintended actions, such as clicking on crafted links. Furthermore, the plugin's insufficient input sanitization creates opportunities for malicious script injection, further compromising the security of the affected website.",Wordpress,BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net,8.8,HIGH,0.0008999999845400453,false,,false,false,false,,false,false,2023-10-20T07:15:00.000Z,0
CVE-2023-4935,https://securityvulnerability.io/vulnerability/CVE-2023-4935,Cross-Site Request Forgery in BEAR for WordPress Affects User Profile Creation,"The BEAR plugin for WordPress is susceptible to Cross-Site Request Forgery due to inadequate nonce validation within the create_profile function. This vulnerability allows attackers to exploit this weakness by tricking a site administrator into executing a forged request, thereby enabling the unauthorized creation of user profiles.",Wordpress,BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net,4.3,MEDIUM,0.0006500000017695129,false,,false,false,false,,false,false,2023-10-20T07:15:00.000Z,0
CVE-2023-4937,https://securityvulnerability.io/vulnerability/CVE-2023-4937,Cross-Site Request Forgery Vulnerability in BEAR for WordPress,"The BEAR plugin for WordPress is susceptible to a Cross-Site Request Forgery attack in versions 1.1.3.3 and earlier. This vulnerability arises from inadequate nonce validation in the woobe_bulkoperations_apply_default_combination function. As a result, unauthenticated attackers may exploit this flaw to manipulate products through forged requests, provided they can trick an authorized site administrator into executing an action, such as clicking on a malicious link.",Wordpress,BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net,4.3,MEDIUM,0.0006500000017695129,false,,false,false,false,,false,false,2023-10-20T07:15:00.000Z,0
CVE-2023-4942,https://securityvulnerability.io/vulnerability/CVE-2023-4942,Cross-Site Request Forgery Vulnerability in BEAR for WordPress,"The BEAR for WordPress plugin is susceptible to a Cross-Site Request Forgery vulnerability due to inadequate nonce validation in the woobe_bulkoperations_visibility function. This flaw allows attackers to forge requests that can manipulate product settings if they deceive a site administrator into clicking a malicious link. As a result, unauthenticated users can exploit this security gap, underscoring the importance of implementing proper nonce verification measures.",Wordpress,BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net,4.3,MEDIUM,0.0006500000017695129,false,,false,false,false,,false,false,2023-10-20T07:15:00.000Z,0
CVE-2023-4940,https://securityvulnerability.io/vulnerability/CVE-2023-4940,Cross-Site Request Forgery Vulnerability in BEAR Plugin for WordPress,"The BEAR plugin for WordPress is susceptible to a Cross-Site Request Forgery flaw, allowing unauthenticated attackers to manipulate product data. This vulnerability arises from the failure in nonce validation within the woobe_bulkoperations_swap function, enabling attackers to initiate unauthorized actions on behalf of site administrators. If an administrator clicks on a specially crafted link, it could lead to potential exploitation of the website.",Wordpress,BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net,4.3,MEDIUM,0.0006500000017695129,false,,false,false,false,,false,false,2023-10-20T07:15:00.000Z,0
CVE-2023-4938,https://securityvulnerability.io/vulnerability/CVE-2023-4938,Missing Authorization Vulnerability in BEAR for WordPress,"The BEAR plugin for WordPress suffers from a missing capability check in its woobe_bulkoperations_apply_default_combination function. This oversight allows authenticated users, such as subscribers or higher roles, to perform unauthorized actions—including manipulation of products—potentially compromising site integrity. It is crucial for users of the affected versions to take immediate action to secure their installations.",Wordpress,BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net,4.3,MEDIUM,0.0007200000109151006,false,,false,false,false,,false,false,2023-10-18T08:15:00.000Z,0