Bear – Bulk Editor And Products Manager Professional For Woocommerce By Pluginus.Net
Approved changes feed: RSS · Atom
cpe:2.3:a:realmag777:bear_–_bulk_editor_and_products_manager_professional_for_woocommerce_by_pluginus.net:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Realmag777 (367987aa-9884-5ea5-b6ea-639a360f4171) |
|---|---|
| Product | Bear – Bulk Editor And Products Manager Professional For Woocommerce By Pluginus.Net (7960ca9b-d512-516d-992c-50989c63b61f) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-1673 |
vulnerable | 2026-06-03 15:14:45.088804 |
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.5 - Cross-Site Request Forgery to Taxonomy Term Deletion
MEDIUM (4.3)
The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the woobe_delete_tax_term() function. This makes it possible for unauthenticated attackers to delete WooCommerce taxonomy terms (categories, tags, etc.) via a forged request granted they can trick a site administrator or shop manager into performing an action such as clicking on a link.
Published: 2026-04-08T11:16:57.236Z
Updated: 2026-04-08T16:40:46.856Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-1672 |
vulnerable | 2026-06-03 15:14:45.088372 |
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.5 - Cross-Site Request Forgery to Product Data Modification
MEDIUM (6.5)
The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the woobe_redraw_table_row() function. This makes it possible for unauthenticated attackers to update WooCommerce product data including prices, descriptions, and other product fields via a forged request granted they can trick a site administrator or shop manager into performing an action such as clicking on a link.
Published: 2026-04-08T11:16:58.519Z
Updated: 2026-04-08T17:18:41.014Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-31430 |
vulnerable | 2026-06-03 14:55:39.727998 |
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 BEAR and WOLF WordPress plugins
MEDIUM (4.3)
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional, realmag777 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net.This issue affects WOLF – WordPress Posts Bulk Editor and Manager Professional: from n/a through 1.0.8.1; BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net: from n/a through 1.1.4.1.
Published: 2024-04-10T19:10:01.565Z
Updated: 2026-04-28T16:09:32.274Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-24834 |
vulnerable | 2026-06-03 14:55:05.877737 |
WordPress BEAR Plugin <= 1.1.4 is vulnerable to Cross Site Scripting (XSS)
MEDIUM (5.9)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net allows Stored XSS.This issue affects BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net: from n/a through 1.1.4.
Published: 2024-02-08T13:13:18.112Z
Updated: 2026-04-28T16:09:10.606Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-4943 |
vulnerable | 2026-06-03 14:53:30.228626 |
BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation
MEDIUM (4.3)
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_visibility function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.
Published: 2023-10-20T06:35:13.763Z
Updated: 2026-04-08T16:44:03.765Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-4942 |
vulnerable | 2026-06-03 14:53:30.228260 |
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation
MEDIUM (4.3)
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_visibility function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2023-10-20T06:35:12.339Z
Updated: 2026-04-08T16:42:49.480Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-4941 |
vulnerable | 2026-06-03 14:53:30.227874 |
BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation
MEDIUM (4.3)
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_swap function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.
Published: 2023-10-20T07:29:29.267Z
Updated: 2026-04-08T17:18:38.808Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-4940 |
vulnerable | 2026-06-03 14:53:30.227461 |
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation
MEDIUM (4.3)
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_swap function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2023-10-20T06:35:15.630Z
Updated: 2026-04-08T16:45:11.352Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-4938 |
vulnerable | 2026-06-03 14:53:30.222739 |
BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation
MEDIUM (4.3)
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_apply_default_combination function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.
Published: 2023-10-18T07:31:17.079Z
Updated: 2026-04-08T17:20:33.324Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-4937 |
vulnerable | 2026-06-03 14:53:30.222328 |
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation
MEDIUM (4.3)
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_apply_default_combination function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2023-10-20T06:35:19.176Z
Updated: 2026-04-08T16:48:29.634Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-4935 |
vulnerable | 2026-06-03 14:53:30.216946 |
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Profile Creation
MEDIUM (4.3)
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the create_profile function. This makes it possible for unauthenticated attackers to create profiles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2023-10-20T06:35:28.217Z
Updated: 2026-04-08T16:57:23.805Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-4926 |
vulnerable | 2026-06-03 14:53:29.993877 |
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Deletion
MEDIUM (5.4)
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulk_delete_products function. This makes it possible for unauthenticated attackers to delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2023-10-20T07:29:26.995Z
Updated: 2026-04-08T17:14:35.221Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-4924 |
vulnerable | 2026-06-03 14:53:29.991058 |
BEAR <= 1.1.3.3 - Missing Authorization to Product Deletion
MEDIUM (5.4)
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to missing capability checks on the woobe_bulkoperations_delete function. This makes it possible for authenticated attackers, with subscriber access or higher, to delete products.
Published: 2023-10-20T07:29:22.473Z
Updated: 2026-04-08T17:03:00.833Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-4923 |
vulnerable | 2026-06-03 14:53:29.990654 |
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Deletion
MEDIUM (5.4)
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_delete function. This makes it possible for unauthenticated attackers to delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2023-10-20T07:29:22.008Z
Updated: 2026-04-08T17:02:20.039Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-4920 |
vulnerable | 2026-06-03 14:53:29.985588 |
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
MEDIUM (4.3)
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_save_options function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Additionally, input sanitization and escaping is insufficient resulting in the possibility of malicious script injection.
Published: 2023-10-20T06:35:23.470Z
Updated: 2026-04-08T16:54:38.395Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.