CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31430 – Cross-Site Request Forgery (CSRF) vulnerability in realmag777 BEAR and WOLF WordPress plugins
https://notcve.org/view.php?id=CVE-2024-31430
10 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional, realmag777 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net.This issue affects WOLF – WordPress Posts Bulk Editor and Manager Professional: from n/a through 1.0.8.1; BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net: from n/a through 1.1.4.1. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en realmag777 WOLF – Wo... • https://patchstack.com/database/vulnerability/bulk-editor/wordpress-wolf-wordpress-posts-bulk-editor-and-manager-professional-plugin-1-0-8-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30463 – WordPress BEAR plugin <= 1.1.4.3 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-30463
28 Mar 2024 — Missing Authorization vulnerability in realmag777 BEAR.This issue affects BEAR: from n/a through 1.1.4.3. Vulnerabilidad de autorización faltante en realmag777 BEAR. Este problema afecta a BEAR: desde n/a hasta 1.1.4.3. The BEAR plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woobe_update_page_field() function in versions up to, and including, 1.1.4.3. This makes it possible for unauthenticated attackers to update page details. • https://patchstack.com/database/vulnerability/woo-bulk-editor/wordpress-bear-plugin-1-1-4-3-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30200 – WordPress BEAR plugin <= 1.1.4.2 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-30200
26 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 BEAR allows Reflected XSS.This issue affects BEAR: from n/a through 1.1.4.2. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en realmag777 BEAR permite XSS reflejado. Este problema afecta a BEAR: desde n/a hasta 1.1.4.2. The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for Wor... • https://patchstack.com/database/vulnerability/woo-bulk-editor/wordpress-bear-plugin-1-1-4-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24835 – WordPress BEAR plugin <= 1.1.4 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-24835
02 Feb 2024 — Missing Authorization vulnerability in realmag777 BEAR.This issue affects BEAR: from n/a through 1.1.4. Vulnerabilidad de autorización faltante en realmag777 BEAR. Este problema afecta a BEAR: desde n/a hasta 1.1.4. The BEAR plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in the /ext/history/history.php file in versions up to, and including, 1.1.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to pe... • https://patchstack.com/database/vulnerability/woo-bulk-editor/wordpress-bear-plugin-1-1-4-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •