Cross-Site Request Forgery Vulnerability in BEAR for WordPress
CVE-2023-4937
4.3MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 20 October 2023
What is CVE-2023-4937?
The BEAR plugin for WordPress is susceptible to a Cross-Site Request Forgery attack in versions 1.1.3.3 and earlier. This vulnerability arises from inadequate nonce validation in the woobe_bulkoperations_apply_default_combination function. As a result, unauthenticated attackers may exploit this flaw to manipulate products through forged requests, provided they can trick an authorized site administrator into executing an action, such as clicking on a malicious link.
Affected Version(s)
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net * <= 1.1.3.3