VYPR

BEAR for WordPress

by WordPress

CVEs (6)

  • CVE-2023-4926MedOct 20, 2023
    risk 0.28cvss 5.4epss 0.00

    The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulk_delete_products function. This makes it possible for unauthenticated attackers to delete products…

  • CVE-2023-4923MedOct 20, 2023
    risk 0.28cvss 5.4epss 0.00

    The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_delete function. This makes it possible for unauthenticated attackers to delete products…

  • CVE-2023-4941MedOct 20, 2023
    risk 0.21cvss 4.3epss 0.00

    The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_swap function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate…

  • CVE-2023-4943MedOct 20, 2023
    risk 0.21cvss 4.3epss 0.00

    The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_visibility function. This makes it possible for authenticated attackers (subscriber or higher) to…

  • CVE-2023-4942MedOct 20, 2023
    risk 0.21cvss 4.3epss 0.00

    The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_visibility function. This makes it possible for unauthenticated attackers to manipulate…

  • CVE-2023-4920MedOct 20, 2023
    risk 0.21cvss 4.3epss 0.00

    The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_save_options function. This makes it possible for unauthenticated attackers to modify the plugin's…