CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

The BEAR plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_apply_default_combination function. This makes it possible for unauthenticated attackers to manipulate products via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.

• https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L286
• https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php
• https://www.wordfence.com/threat-intel/vulnerabilities/id/40bf51bf-efb2-4504-815b-4681d1078f77?source=cve
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

The BEAR plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_apply_default_combination function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.

• https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L286
• https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php
• https://www.wordfence.com/threat-intel/vulnerabilities/id/c42f56a2-b9f9-40ef-86ad-fea6cf2e29f8?source=cve
• CWE-862: Missing Authorization

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Cross-Site Request Forgery (CSRF) vulnerability in the realmag777 BEAR plugin, versions <= 1.1.3.1. The BEAR plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.1. This is due to missing or incorrect nonce validation on the woobe_create_new_product, woobe_duplicate_products, and woobe_delete_products functions. This makes it possible for unauthenticated attackers to create, duplicate, or delete products via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.

• https://patchstack.com/database/vulnerability/woo-bulk-editor/wordpress-bear-plugin-1-1-3-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
• CWE-352: Cross-Site Request Forgery (CSRF)