CVE-2023-4937 – BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation
https://notcve.org/view.php?id=CVE-2023-4937
25 Sep 2023 — The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_apply_default_combination function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L286 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-4938 – BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation
https://notcve.org/view.php?id=CVE-2023-4938
25 Sep 2023 — The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_apply_default_combination function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products. • https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L286 • CWE-862: Missing Authorization •
CVE-2023-4940 – BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation
https://notcve.org/view.php?id=CVE-2023-4940
25 Sep 2023 — The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_swap function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L521 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-4941 – BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation
https://notcve.org/view.php?id=CVE-2023-4941
25 Sep 2023 — The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_swap function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products. • https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L521 • CWE-862: Missing Authorization •
CVE-2023-4942 – BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation
https://notcve.org/view.php?id=CVE-2023-4942
25 Sep 2023 — The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_visibility function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L719 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-4943 – BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation
https://notcve.org/view.php?id=CVE-2023-4943
25 Sep 2023 — The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_visibility function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products. • https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L719 • CWE-862: Missing Authorization •
CVE-2023-34028 – WordPress WOLF Plugin <= 1.0.7 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-34028
29 May 2023 — Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7 versions. The WOLF plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.7. This is due to missing or incorrect nonce validation on the create_profile function. This makes it possible for unauthenticated attackers to create new profiles via a forged request granted they can trick a site administrator into performing an acti... • https://patchstack.com/database/vulnerability/bulk-editor/wordpress-wolf-wordpress-posts-bulk-editor-and-manager-professional-plugin-1-0-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-33314 – WordPress BEAR Plugin <= 1.1.3.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-33314
22 May 2023 — Cross-Site Request Forgery (CSRF) vulnerability in realmag777 BEAR plugin <= 1.1.3.1 versions. The BEAR plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.1. This is due to missing or incorrect nonce validation on the woobe_create_new_product, woobe_duplicate_products, and woobe_delete_products functions. This makes it possible for unauthenticated attackers to create, duplicate, or delete products via a forged request granted they can trick a site admini... • https://patchstack.com/database/vulnerability/woo-bulk-editor/wordpress-bear-plugin-1-1-3-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-2555 – WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Missing Authorization to Custom Drop-Down Currency Switcher Creation
https://notcve.org/view.php?id=CVE-2023-2555
12 May 2023 — The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to create a custom drop-down currency switcher. • https://plugins.trac.wordpress.org/changeset/2911049/currency-switcher • CWE-862: Missing Authorization •
CVE-2023-2557 – WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Missing Authorization to Arbitrary Custom Drop-Down Currency Switcher Editing
https://notcve.org/view.php?id=CVE-2023-2557
12 May 2023 — The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to edit an arbitrary custom drop-down currency switcher. • https://plugins.trac.wordpress.org/changeset/2911049/currency-switcher • CWE-862: Missing Authorization •