BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net

Information

Software Type Plugin
Software Slug woo-bulk-editor (view on wordpress.org)
Software Status Active
Software Author realmag777
Software Website bulk-editor.com
Software Downloads 505,928
Software Active Installs 30,000
Software Record Last Updated September 30, 2023

13 vulnerabilities

BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Profile Creation
4.3
CVE-2023-4935
Sep 25, 2023
Researcher: Marco Wotschka
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Profile Deletion
4.3
CVE-2023-4935
Sep 25, 2023
Researcher: Marco Wotschka
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
4.3
CVE-2023-4920
Sep 25, 2023
Researcher: Marco Wotschka
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Deletion
5.4
CVE-2023-4923
Sep 25, 2023
Researcher: Marco Wotschka
BEAR <= 1.1.3.3 - Missing Authorization to Product Deletion
5.4
CVE-2023-4924
Sep 25, 2023
Researcher: Marco Wotschka
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Deletion
5.4
CVE-2023-4926
Sep 25, 2023
Researcher: Marco Wotschka
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation
4.3
CVE-2023-4937
Sep 25, 2023
Researcher: Marco Wotschka
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation
4.3
CVE-2023-4942
Sep 25, 2023
Researcher: Marco Wotschka
BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation
4.3
CVE-2023-4943
Sep 25, 2023
Researcher: Marco Wotschka
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation
4.3
CVE-2023-4940
Sep 25, 2023
Researcher: Marco Wotschka
BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation
4.3
CVE-2023-4941
Sep 25, 2023
Researcher: Marco Wotschka
BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation
4.3
CVE-2023-4938
Sep 25, 2023
Researcher: Marco Wotschka
BEAR <= 1.1.3.1 - Cross-Site Request Forgery via Multiple Functions
6.5
CVE-2023-33314
May 22, 2023
Researcher: Nguyen Xuan Chien
Title CVE ID CVSS Researchers Date
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Profile Creation CVE-2023-4935 4.3 Marco Wotschka September 25, 2023
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Profile Deletion CVE-2023-4935 4.3 Marco Wotschka September 25, 2023
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting CVE-2023-4920 4.3 Marco Wotschka September 25, 2023
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Deletion CVE-2023-4923 5.4 Marco Wotschka September 25, 2023
BEAR <= 1.1.3.3 - Missing Authorization to Product Deletion CVE-2023-4924 5.4 Marco Wotschka September 25, 2023
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Deletion CVE-2023-4926 5.4 Marco Wotschka September 25, 2023
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation CVE-2023-4937 4.3 Marco Wotschka September 25, 2023
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation CVE-2023-4942 4.3 Marco Wotschka September 25, 2023
BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation CVE-2023-4943 4.3 Marco Wotschka September 25, 2023
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation CVE-2023-4940 4.3 Marco Wotschka September 25, 2023
BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation CVE-2023-4941 4.3 Marco Wotschka September 25, 2023
BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation CVE-2023-4938 4.3 Marco Wotschka September 25, 2023
BEAR <= 1.1.3.1 - Cross-Site Request Forgery via Multiple Functions CVE-2023-33314 6.5 Nguyen Xuan Chien May 22, 2023

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation