Cross-Site Request Forgery Vulnerability in BEAR for WordPress
CVE-2023-4942
4.3MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 20 October 2023
What is CVE-2023-4942?
The BEAR for WordPress plugin is susceptible to a Cross-Site Request Forgery vulnerability due to inadequate nonce validation in the woobe_bulkoperations_visibility function. This flaw allows attackers to forge requests that can manipulate product settings if they deceive a site administrator into clicking a malicious link. As a result, unauthenticated users can exploit this security gap, underscoring the importance of implementing proper nonce verification measures.
Affected Version(s)
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net * <= 1.1.3.3