NotCVE - vendor:"Pluginus"

Page 4 of 44 results (0.003 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-4924 – BEAR <= 1.1.3.3 - Missing Authorization to Product Deletion

https://notcve.org/view.php?id=CVE-2023-4924

The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to missing capability checks on the woobe_bulkoperations_delete function. This makes it possible for authenticated attackers, with subscriber access or higher, to delete products. BEAR para WordPress es vulnerable a la falta de autorización en versiones hasta la 1.1.3.3 incluida. Esto se debe a que faltan comprobaciones de capacidad en la función woobe_bulk Operations_delete. • https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L344 https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php https://www.wordfence.com/threat-intel/vulnerabilities/id/7dfd0246-4265-4dde-8a1e-18b7042eae74?source=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-4938 – BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation

https://notcve.org/view.php?id=CVE-2023-4938

The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_apply_default_combination function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products. BEAR para WordPress es vulnerable a la falta de autorización en versiones hasta la 1.1.3.3 incluida. Esto se debe a que falta una verificación de capacidad en la función woobe_bulk Operations_apply_default_combination. • https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L286 https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php https://www.wordfence.com/threat-intel/vulnerabilities/id/c42f56a2-b9f9-40ef-86ad-fea6cf2e29f8?source=cve • CWE-862: Missing Authorization •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-4920 – BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2023-4920

The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_save_options function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Additionally, input sanitization and escaping is insufficient resulting in the possibility of malicious script injection. BEAR para WordPress es vulnerable a Cross-Site Request Forgery (CSRF) en versiones hasta la 1.1.3.3 incluida. • https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/index.php#L805 https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/index.php?contextall=1&old=2968292&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Findex.php https://www.wordfence.com/threat-intel/vulnerabilities/id/58d25eeb-b12c-4850-8308-eaa30982b5a8?source=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-4923 – BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Deletion

https://notcve.org/view.php?id=CVE-2023-4923

The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_delete function. This makes it possible for unauthenticated attackers to delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. BEAR para WordPress es vulnerable a Cross-Site Request Forgery (CSRF) en versiones hasta la 1.1.3.3 incluida. Esto se debe a una validación nonce faltante o incorrecta en la función woobe_bulk Operations_delete. • https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L344 https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php https://www.wordfence.com/threat-intel/vulnerabilities/id/7a4db03d-ec40-4145-aa95-fee78bda5205?source=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-4926 – BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Deletion

https://notcve.org/view.php?id=CVE-2023-4926

The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulk_delete_products function. This makes it possible for unauthenticated attackers to delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. BEAR para WordPress es vulnerable a Cross-Site Request Forgery (CSRF) en versiones hasta la 1.1.3.3 incluida. Esto se debe a una validación nonce faltante o incorrecta en la función woobe_bulk_delete_products. • https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulk/bulk.php#L159 https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulk/bulk.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulk%2Fbulk.php https://www.wordfence.com/threat-intel/vulnerabilities/id/ab633506-63a1-4be1-b402-c7f0bcc4ea7a?source=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

1 2 3 4 5