Cross-Site Request Forgery in BEAR for WordPress Affects Unauthenticated Users
CVE-2023-4926

5.4MEDIUM

Key Information:

Vendor
Realmag777
Status
Bear – Bulk Editor And Products Manager Professional For WooCommerce By Pluginus.net
Vendor
CVE Published:
20 October 2023

Summary

The BEAR plugin for WordPress is affected by a Cross-Site Request Forgery (CSRF) vulnerability due to insufficient nonce validation in the woobe_bulk_delete_products function. This flaw could allow unauthenticated attackers to exploit the vulnerability by tricking site administrators into executing forged requests. As a result, attackers may delete products from the site without proper authorization, posing a significant risk to site integrity and content management.

Affected Version(s)

BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net * <= 1.1.3.3

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Marco Wotschka
.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.