cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-31430,https://securityvulnerability.io/vulnerability/CVE-2024-31430,Cross-Site Request Forgery (CSRF) vulnerability in realmag777 BEAR and WOLF WordPress plugins,"Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional, realmag777 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net. This issue affects WOLF – WordPress Posts Bulk Editor and Manager Professional: from n/a through 1.0.8.1; BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net: from n/a through 1.1.4.1.",Wordpress,"Wolf – WordPress Posts Bulk Editor And Manager Professional,Bear – Bulk Editor And Products Manager Professional For WooCommerce By Pluginus.net",4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-10T19:10:01.565Z,0
CVE-2024-0790,https://securityvulnerability.io/vulnerability/CVE-2024-0790,Cross-Site Request Forgery Vulnerabilities in WordPress Posts Bulk Editor and Manager Professional Plugin,"The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8.1. This is due to missing or incorrect nonce validation on the wpbe_create_new_term, wpbe_update_tax_term, and wpbe_delete_tax_term functions. This makes it possible for unauthenticated attackers to create, modify and delete taxonomy terms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Furthermore, the functions wpbe_save_options, wpbe_bulk_delete_posts_count, wpbe_bulk_delete_posts, and wpbe_save_meta are vulnerable to Cross-Site Request Forgery allowing for plugin options update, post count deletion, post deletion and modification of post metadata via forged request.",Wordpress,WOLF – WordPress Posts Bulk Editor and Manager Professional,4.3,MEDIUM,0.0006500000017695129,false,,false,false,false,,false,false,2024-02-05T21:21:46.682Z,0
CVE-2024-0791,https://securityvulnerability.io/vulnerability/CVE-2024-0791,Unauthorized Access Vulnerability in WOLF WordPress Plugin,"The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin has a security flaw that permits authenticated attackers, including subscribers, to gain unauthorized access and make unauthorized changes to taxonomy terms. This vulnerability arises from the absence of proper capability checks in the functions responsible for creating, updating, and deleting taxonomy terms. As a result, users with minimal privileges can exploit this weakness to manipulate critical data within the WordPress environment.",Wordpress,WOLF – WordPress Posts Bulk Editor and Manager Professional,4.3,MEDIUM,0.0005600000149570405,false,,false,false,false,,false,false,2024-02-05T21:21:33.679Z,0
CVE-2024-22159,https://securityvulnerability.io/vulnerability/CVE-2024-22159,WordPress WOLF Plugin <= 1.0.8 is vulnerable to Cross Site Scripting (XSS),"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional allows Reflected XSS. This issue affects WOLF – WordPress Posts Bulk Editor and Manager Professional: from n/a through 1.0.8.",Wordpress,WOLF – WordPress Posts Bulk Editor and Manager Professional,6.1,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2024-01-31T18:12:04.015Z,0
CVE-2023-46152,https://securityvulnerability.io/vulnerability/CVE-2023-46152,WordPress WOLF Plugin <= 1.0.7.1 is vulnerable to Cross Site Request Forgery (CSRF),"A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the WOLF – WordPress Posts Bulk Editor and Manager Professional plugin, affecting versions up to 1.0.7.1. This flaw could allow attackers to perform unauthorized actions on behalf of users within the WordPress environment, potentially leading to the manipulation of posts and sensitive information. It is crucial for users to upgrade to the latest version and apply security best practices to mitigate the risks associated with this vulnerability.",Wordpress,WOLF – WordPress Posts Bulk Editor and Manager Professional,8.8,HIGH,0.0008699999889358878,false,,false,false,false,,false,false,2023-10-25T18:17:00.000Z,0
CVE-2023-44990,https://securityvulnerability.io/vulnerability/CVE-2023-44990,WordPress WOLF Plugin <= 1.0.7.1 is vulnerable to Cross Site Scripting (XSS),Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7.1 versions.,Wordpress,WOLF – WordPress Posts Bulk Editor and Manager Professional,4.8,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2023-10-17T10:15:00.000Z,0
CVE-2023-31218,https://securityvulnerability.io/vulnerability/CVE-2023-31218,WordPress WOLF Plugin <= 1.0.6 is vulnerable to CSRF leading to Stored Cross Site Scripting (XSS) vulnerability,Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.6 versions.,Wordpress,WOLF – WordPress Posts Bulk Editor and Manager Professional,6.1,MEDIUM,0.0005099999834783375,false,,false,false,false,,false,false,2023-08-18T14:15:00.000Z,0
CVE-2023-34028,https://securityvulnerability.io/vulnerability/CVE-2023-34028,WordPress WOLF Plugin <= 1.0.7 is vulnerable to Cross Site Request Forgery (CSRF),Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7 versions.,Wordpress,Wolf – WordPress Posts Bulk Editor And Manager Professional,4.3,MEDIUM,0.000859999970998615,false,,false,false,false,,false,false,2023-06-22T15:15:00.000Z,0