Vulnerability Description
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to missing capability checks on the woobe_bulkoperations_delete function. This makes it possible for authenticated attackers, with subscriber access or higher, to delete products.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pluginus | Bear - Woocommerce Bulk Editor And Products Manager Professional | <= 1.1.3.3 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperatiThird Party Advisory
- https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bThird Party Advisory
- https://www.wordfence.com/threat-intel/vulnerabilities/id/7dfd0246-4265-4dde-8a1Third Party Advisory
- https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperatiThird Party Advisory
- https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bThird Party Advisory
- https://www.wordfence.com/threat-intel/vulnerabilities/id/7dfd0246-4265-4dde-8a1Third Party Advisory
FAQ
What is CVE-2023-4924?
CVE-2023-4924 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to missing capability checks on the woobe_bulkoperations_delete function. This make...
How severe is CVE-2023-4924?
CVE-2023-4924 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-4924?
Check the references section above for vendor advisories and patch information. Affected products include: Pluginus Bear - Woocommerce Bulk Editor And Products Manager Professional.