cleantalk
Vulnerabilities and Security Researches

BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net, CVE-2023-4920

CVE, Research URL

CVE-2023-4920

Home page URL

Security reports for BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net

Application

BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net

Published on
Oct 20, 2023
Research Description
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_save_options function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Additionally, input sanitization and escaping is insufficient resulting in the possibility of malicious script injection.
Affected versions
max 1.1.4.
Status
vulnerable
Previous vulnerability researches
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net (CVE-2026-1673) , Apr 13, 2026
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net (CVE-2026-1672) , Apr 13, 2026
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net (CVE-2023-4942) , Jun 06, 2024
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net (CVE-2023-4923) , Jun 06, 2024
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net (CVE-2023-4920) , Jun 06, 2024
New vulnerability
CodeColorer (CVE-2026-4032) , Apr 17, 2026
VI: Include Post By (CVE-2026-5717) , Apr 17, 2026
Responsive Accordion Slider (CVE-2026-0635) , Apr 17, 2026
Petje.af (CVE-2026-4002) , Apr 17, 2026
LinkedIn SC (CVE-2026-0812) , Apr 17, 2026