VYPR

BEAR

by WordPress

CVEs (6)

  • CVE-2024-24835MedMar 23, 2024
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in realmag777 BEAR.This issue affects BEAR: from n/a through 1.1.4.

  • CVE-2023-4924MedOct 20, 2023
    risk 0.28cvss 5.4epss 0.00

    The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to missing capability checks on the woobe_bulkoperations_delete function. This makes it possible for authenticated attackers, with subscriber access or higher, to…

  • CVE-2023-4940MedOct 20, 2023
    risk 0.21cvss 4.3epss 0.00

    The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_swap function. This makes it possible for unauthenticated attackers to manipulate…

  • CVE-2023-4937MedOct 20, 2023
    risk 0.21cvss 4.3epss 0.00

    The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_apply_default_combination function. This makes it possible for unauthenticated attackers…

  • CVE-2023-4935MedOct 20, 2023
    risk 0.21cvss 4.3epss 0.00

    The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the create_profile function. This makes it possible for unauthenticated attackers to create profiles via a forged…

  • CVE-2023-4938MedOct 18, 2023
    risk 0.21cvss 4.3epss 0.00

    The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_apply_default_combination function. This makes it possible for authenticated attackers (subscriber or…