Cross-Site Request Forgery Vulnerability in PluginUs.Net BEAR
CVE-2026-27415

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Bear
Vendor: CVE Published:; 7 May 2026

What is CVE-2026-27415?

The BEAR plugin by PluginUs.Net is susceptible to a Cross-Site Request Forgery vulnerability, which can allow unauthorized actions to be performed on behalf of users without their consent. Affected versions include all prior to 1.1.5, potentially exposing user accounts and sensitive operations to unauthorized access. Users are advised to ensure they are using the latest version to mitigate this risk.

Affected Version(s)

BEAR <= 1.1.5

References

https://patchstack.com/database/wordpress/plugin/woo-bulk...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2026
Vulnerability Reserved
Feb 19, 2026

Credit

benzdeus | Patchstack Bug Bounty Program

CVE-2026-27415 Data

JSON

WordPress

What is CVE-2026-27415?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit