Bear Woocommerce Bulk Editor And Products Manager Professional
Approved changes feed: RSS · Atom
cpe:2.3:a:pluginus:bear_-_woocommerce_bulk_editor_and_products_manager_professional:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Pluginus (b2d4bfa9-c97b-5f60-91a9-fcfd90546f78) |
|---|---|
| Product | Bear Woocommerce Bulk Editor And Products Manager Professional (6117ed49-f5b3-54f4-9aae-006ef97de369) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-26775 |
vulnerable | 2026-06-03 15:00:08.442632 |
WordPress BEAR Plugin <= 1.1.4.4 - Cross Site Scripting (XSS) vulnerability
MEDIUM (5.9)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 BEAR woo-bulk-editor allows Stored XSS.This issue affects BEAR: from n/a through <= 1.1.4.4.
Published: 2025-02-17T11:38:15.074Z
Updated: 2026-04-28T16:11:40.976Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-31430 |
vulnerable | 2026-06-03 14:55:39.728165 |
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 BEAR and WOLF WordPress plugins
MEDIUM (4.3)
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional, realmag777 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net.This issue affects WOLF – WordPress Posts Bulk Editor and Manager Professional: from n/a through 1.0.8.1; BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net: from n/a through 1.1.4.1.
Published: 2024-04-10T19:10:01.565Z
Updated: 2026-04-28T16:09:32.274Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-30463 |
vulnerable | 2026-06-03 14:55:38.375795 |
WordPress BEAR plugin <= 1.1.4.3 - Broken Access Control vulnerability
MEDIUM (4.3)
Missing Authorization vulnerability in realmag777 BEAR.This issue affects BEAR: from n/a through 1.1.4.3.
Published: 2024-03-29T16:22:56.312Z
Updated: 2026-04-28T16:09:24.415Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-30200 |
vulnerable | 2026-06-03 14:55:37.495801 |
WordPress BEAR plugin <= 1.1.4.2 - Reflected Cross Site Scripting (XSS) vulnerability
HIGH (7.1)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 BEAR allows Reflected XSS.This issue affects BEAR: from n/a through 1.1.4.2.
Published: 2024-03-28T05:09:01.595Z
Updated: 2026-04-28T16:09:22.084Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-24835 |
vulnerable | 2026-06-03 14:55:05.879729 |
WordPress BEAR plugin <= 1.1.4 - Broken Access Control vulnerability
MEDIUM (4.3)
Missing Authorization vulnerability in realmag777 BEAR.This issue affects BEAR: from n/a through 1.1.4.
Published: 2024-03-23T14:48:54.232Z
Updated: 2026-04-28T16:09:10.554Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-24834 |
vulnerable | 2026-06-03 14:55:05.878436 |
WordPress BEAR Plugin <= 1.1.4 is vulnerable to Cross Site Scripting (XSS)
MEDIUM (5.9)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net allows Stored XSS.This issue affects BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net: from n/a through 1.1.4.
Published: 2024-02-08T13:13:18.112Z
Updated: 2026-04-28T16:09:10.606Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-4943 |
vulnerable | 2026-06-03 14:53:30.228655 |
BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation
MEDIUM (4.3)
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_visibility function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.
Published: 2023-10-20T06:35:13.763Z
Updated: 2026-04-08T16:44:03.765Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-4942 |
vulnerable | 2026-06-03 14:53:30.228291 |
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation
MEDIUM (4.3)
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_visibility function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2023-10-20T06:35:12.339Z
Updated: 2026-04-08T16:42:49.480Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-4941 |
vulnerable | 2026-06-03 14:53:30.227908 |
BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation
MEDIUM (4.3)
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_swap function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.
Published: 2023-10-20T07:29:29.267Z
Updated: 2026-04-08T17:18:38.808Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-4940 |
vulnerable | 2026-06-03 14:53:30.227503 |
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation
MEDIUM (4.3)
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_swap function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2023-10-20T06:35:15.630Z
Updated: 2026-04-08T16:45:11.352Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-4938 |
vulnerable | 2026-06-03 14:53:30.222881 |
BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation
MEDIUM (4.3)
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_apply_default_combination function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.
Published: 2023-10-18T07:31:17.079Z
Updated: 2026-04-08T17:20:33.324Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-4937 |
vulnerable | 2026-06-03 14:53:30.222367 |
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation
MEDIUM (4.3)
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_apply_default_combination function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2023-10-20T06:35:19.176Z
Updated: 2026-04-08T16:48:29.634Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-4935 |
vulnerable | 2026-06-03 14:53:30.216985 |
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Profile Creation
MEDIUM (4.3)
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the create_profile function. This makes it possible for unauthenticated attackers to create profiles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2023-10-20T06:35:28.217Z
Updated: 2026-04-08T16:57:23.805Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-4926 |
vulnerable | 2026-06-03 14:53:29.993917 |
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Deletion
MEDIUM (5.4)
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulk_delete_products function. This makes it possible for unauthenticated attackers to delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2023-10-20T07:29:26.995Z
Updated: 2026-04-08T17:14:35.221Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-4924 |
vulnerable | 2026-06-03 14:53:29.991091 |
BEAR <= 1.1.3.3 - Missing Authorization to Product Deletion
MEDIUM (5.4)
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to missing capability checks on the woobe_bulkoperations_delete function. This makes it possible for authenticated attackers, with subscriber access or higher, to delete products.
Published: 2023-10-20T07:29:22.473Z
Updated: 2026-04-08T17:03:00.833Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-4923 |
vulnerable | 2026-06-03 14:53:29.990694 |
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Deletion
MEDIUM (5.4)
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_delete function. This makes it possible for unauthenticated attackers to delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2023-10-20T07:29:22.008Z
Updated: 2026-04-08T17:02:20.039Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-4920 |
vulnerable | 2026-06-03 14:53:29.986549 |
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
MEDIUM (4.3)
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_save_options function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Additionally, input sanitization and escaping is insufficient resulting in the possibility of malicious script injection.
Published: 2023-10-20T06:35:23.470Z
Updated: 2026-04-08T16:54:38.395Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-33314 |
vulnerable | 2026-06-03 14:52:13.456469 |
WordPress BEAR Plugin <= 1.1.3.1 is vulnerable to Cross Site Request Forgery (CSRF)
MEDIUM (5.4)
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 BEAR plugin <= 1.1.3.1 versions.
Published: 2023-05-28T17:29:27.115Z
Updated: 2026-04-28T16:08:25.187Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.