First published: Wed Oct 18 2023
The BEAR plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_apply_default_combination function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.
Credit: security@wordfence.com
Affected Software | Affected Version | How to fix |
---|---|---|
BEAR for WordPress | <=1.1.3.3 | |
CVE-2023-4938 is a vulnerability in the BEAR for WordPress plugin, allowing authenticated attackers to manipulate data.
The severity of CVE-2023-4938 is medium with a CVSS score of 4.3.
Authenticated attackers (subscriber or higher) can exploit CVE-2023-4938 to manipulate data.
Versions up to and including 1.1.3.3 of BEAR for WordPress are affected by CVE-2023-4938.
To fix CVE-2023-4938, update BEAR for WordPress to a version higher than 1.1.3.3.
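The missing capability check described above, shown as a general WordPress pattern in an added example that is not the BEAR plugin's code. The handler, action, nonce and meta-key names are hypothetical, and it assumes the function is reached through a `wp_ajax_` action, which the advisory does not state.

```php
<?php
// Added illustration: every example_* name and request field here is
// hypothetical and not taken from the BEAR plugin.

// Before: wp_ajax_* hooks only require a logged-in user, so a subscriber
// reaches this handler and changes a product.
add_action('wp_ajax_example_apply_combination', 'example_apply_combination_unchecked');
function example_apply_combination_unchecked() {
    $product_id = absint($_POST['product_id'] ?? 0);
    example_apply_combination($product_id); // no authorization check
    wp_send_json_success();
}

// After: verify intent (nonce) and authorization (capability) before acting.
add_action('wp_ajax_example_apply_combination_safe', 'example_apply_combination_checked');
function example_apply_combination_checked() {
    // Ends the request if the nonce is missing or invalid.
    check_ajax_referer('example_apply_combination', 'nonce');

    $product_id = absint($_POST['product_id'] ?? 0);

    // 'edit_post' is a meta capability that WordPress maps onto the
    // product's post type, so a subscriber fails this check.
    if (!$product_id || !current_user_can('edit_post', $product_id)) {
        wp_send_json_error(array('message' => 'Forbidden'), 403);
    }

    example_apply_combination($product_id);
    wp_send_json_success();
}

// Hypothetical stand-in for the state-changing operation.
function example_apply_combination($product_id) {
    update_post_meta($product_id, '_example_combination_applied', 1);
}
```

When reviewing other plugins for the same class of flaw, each state-changing function registered on a `wp_ajax_` hook should contain both a nonce check and a `current_user_can()` call before it touches data.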