cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches for bulk-editor

Feb 05, 2025

WOLF – WordPress Posts Bulk Editor and Manager Professional # CVE-2025-24605

CVE, Research URL

CVE-2025-24605

Date
Feb 03, 2025
Research Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in realmag777 WOLF allows Path Traversal. This issue affects WOLF: from n/a through 1.0.8.5.
Affected versions
Min -, max -.
Status
vulnerable
Nov 15, 2024

WOLF – WordPress Posts Bulk Editor and Manager Professional # CVE-2024-52396

CVE, Research URL

CVE-2024-52396

Date
Nov 14, 2024
Research Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in realmag777 WOLF allows Path Traversal. This issue affects WOLF: from n/a through 1.0.8.3.
Affected versions
Min -, max -.
Status
vulnerable
Jun 06, 2024

WOLF – WordPress Posts Bulk Editor and Manager Professional # CVE-2024-0791

CVE, Research URL

CVE-2024-0791

Date
Feb 06, 2024
Research Description
The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on the wpbe_create_new_term, wpbe_update_tax_term, and wpbe_delete_tax_term functions in all versions up to, and including, 1.0.8.1. This makes it possible for authenticated attackers, with subscriber access or higher, to create, delete or modify taxonomy terms.
Affected versions
Min -, max -.
Status
vulnerable

WOLF – WordPress Posts Bulk Editor and Manager Professional # CVE-2023-31218

CVE, Research URL

CVE-2023-31218

Date
Aug 18, 2023
Research Description
Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.6 versions.
Affected versions
Min -, max -.
Status
vulnerable

WOLF – WordPress Posts Bulk Editor and Manager Professional # CVE-2023-34028

CVE, Research URL

CVE-2023-34028

Date
Jun 22, 2023
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7 versions.
Affected versions
Min -, max -.
Status
vulnerable

WOLF – WordPress Posts Bulk Editor and Manager Professional # CVE-2023-44990

CVE, Research URL

CVE-2023-44990

Date
Oct 17, 2023
Research Description
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7.1 versions.
Affected versions
Min -, max -.
Status
vulnerable

WOLF – WordPress Posts Bulk Editor and Manager Professional # CVE-2023-46152

CVE, Research URL

CVE-2023-46152

Date
Oct 25, 2023
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7.1 versions.
Affected versions
Min -, max -.
Status
vulnerable

WOLF – WordPress Posts Bulk Editor and Manager Professional # CVE-2024-22159

CVE, Research URL

CVE-2024-22159

Date
Feb 01, 2024
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional allows Reflected XSS. This issue affects WOLF – WordPress Posts Bulk Editor and Manager Professional: from n/a through 1.0.8.
Affected versions
Min -, max -.
Status
vulnerable

WOLF – WordPress Posts Bulk Editor and Manager Professional # CVE-2024-0790

CVE, Research URL

CVE-2024-0790

Date
Feb 06, 2024
Research Description
The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8.1. This is due to missing or incorrect nonce validation on the wpbe_create_new_term, wpbe_update_tax_term, and wpbe_delete_tax_term functions. This makes it possible for unauthenticated attackers to create, modify and delete taxonomy terms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Furthermore, the functions wpbe_save_options, wpbe_bulk_delete_posts_count, wpbe_bulk_delete_posts, and wpbe_save_meta are vulnerable to Cross-Site Request Forgery allowing for plugin options update, post count deletion, post deletion and modification of post metadata via forged request.
Affected versions
Min -, max -.
Status
vulnerable

WOLF – WordPress Posts Bulk Editor and Manager Professional # CVE-2024-31430

CVE, Research URL

CVE-2024-31430

Date
Apr 11, 2024
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional, realmag777 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net. This issue affects WOLF – WordPress Posts Bulk Editor and Manager Professional: from n/a through 1.0.8.1; BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net: from n/a through 1.1.4.1.
Affected versions
Min -, max -.
Status
vulnerable

WOLF – WordPress Posts Bulk Editor and Manager Professional # CVE-2024-34558

CVE, Research URL

CVE-2024-34558

Date
May 08, 2024
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WOLF allows Stored XSS. This issue affects WOLF: from n/a through 1.0.8.2.
Affected versions
Min -, max -.
Status
vulnerable