Vulnerabilities > CVE-2023-4938 - Missing Authorization vulnerability in Pluginus Bear - Woocommerce Bulk Editor and products Manager Professional

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
NONE
network
low complexity
pluginus
CWE-862

Summary

The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_apply_default_combination function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.

Vulnerable Configurations

Part Description Count
Application
Pluginus
22

Common Weakness Enumeration (CWE)