First published: Fri Oct 20 2023
The BEAR for WordPress plugin is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_swap function, which makes it possible for authenticated attackers (subscriber or higher) to manipulate products.
Credit: security@wordfence.com
Affected Software | Affected Version | How to fix |
---|---|---|
BEAR for WordPress | <=1.1.3.3 | |
CVE-2023-4941 is a vulnerability in the BEAR for WordPress plugin versions up to and including 1.1.3.3 that allows authenticated attackers to manipulate products due to a missing capability check.
CVE-2023-4941 has a severity rating of 4.3 out of 10 (medium).
CVE-2023-4941 can be exploited through the missing authorization check in the woobe_bulkoperations_swap function of BEAR for WordPress.
Yes, a fix is available for CVE-2023-4941. It is recommended to update to a version of BEAR for WordPress higher than 1.1.3.3 to mitigate the vulnerability.
You can find more information about CVE-2023-4941 on the WordPress plugins trac page and the Wordfence threat intelligence page.
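
The class of bug described above, a WordPress AJAX handler that is reachable by any logged-in user and never checks a capability, shown next to a hardened form. This is an added illustration, not BEAR's code or its actual patch: the plugin header, every `example_*` name, the nonce action and the choice of `manage_woocommerce` as the required capability are assumptions.

```php
<?php
/**
 * Plugin Name: Capability check demo (hypothetical example, not BEAR's code)
 */

// wp_ajax_{action} fires for ANY logged-in user, subscribers included.
// Registration on this hook gives authentication, not authorization.
add_action('wp_ajax_example_swap_unchecked', 'example_swap_unchecked');
add_action('wp_ajax_example_swap_checked', 'example_swap_checked');

// Hypothetical worker: exchanges the titles of two posts.
function example_do_swap(int $a, int $b): bool {
    $pa = get_post($a);
    $pb = get_post($b);
    if (!$pa || !$pb) {
        return false;
    }
    wp_update_post(['ID' => $a, 'post_title' => $pb->post_title]);
    wp_update_post(['ID' => $b, 'post_title' => $pa->post_title]);
    return true;
}

// BEFORE: no capability check, so a subscriber's request is honoured.
function example_swap_unchecked() {
    $ok = example_do_swap(absint($_POST['a'] ?? 0), absint($_POST['b'] ?? 0));
    wp_send_json(['swapped' => $ok]);
}

// AFTER: refuse unless the caller holds a management capability, the
// request carries a valid nonce, and the caller may edit both objects.
function example_swap_checked() {
    // 'manage_woocommerce' is an assumed capability for this sketch.
    if (!current_user_can('manage_woocommerce')) {
        wp_send_json_error(['message' => 'Forbidden'], 403);
    }
    // CSRF protection; terminates the request if the nonce is invalid.
    check_ajax_referer('example_swap', 'nonce');
    $a = absint($_POST['a'] ?? 0);
    $b = absint($_POST['b'] ?? 0);
    // Object-level check on each item the request names.
    if (!current_user_can('edit_post', $a) || !current_user_can('edit_post', $b)) {
        wp_send_json_error(['message' => 'Forbidden'], 403);
    }
    wp_send_json(['swapped' => example_do_swap($a, $b)]);
}
```

When auditing a plugin for this pattern, list every `wp_ajax_` registration and confirm that each callback reaches a `current_user_can()` call before it changes any data.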