Cross-Site Request Forgery (CSRF) vulnerability in realmag777 BEAR and WOLF WordPress plugins
CVE-2024-31430

8.8HIGH

Key Information:

Vendor: Wordpress
Status: Wolf – WordPress Posts Bulk Editor And Manager Professional; Bear – Bulk Editor And Products Manager Professional For WooCommerce By Pluginus.net
Vendor: CVE Published:; 10 April 2024

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in the WOLF – WordPress Posts Bulk Editor and Manager Professional and BEAR – Bulk Editor and Products Manager Professional for WooCommerce. This issue allows an attacker to perform unauthorized actions on behalf of an authenticated user, potentially compromising the security of the website. It affects versions of WOLF from n/a to 1.0.8.1 and BEAR from n/a to 1.1.4.1, making it crucial for users to patch their installations immediately to mitigate the risk.

Affected Version(s)

BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.4.1

WOLF – WordPress Posts Bulk Editor and Manager Professional <= 1.0.8.1

References

https://patchstack.com/database/vulnerability/bulk-editor...

vdb-entry

https://patchstack.com/database/vulnerability/woo-bulk-ed...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 10, 2024
Vulnerability Reserved
Apr 3, 2024

Credit

Dhabaleshwar Das (Patchstack Alliance)