First published: Fri Oct 20 2023
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_visibility function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.
Credit: security@wordfence.com
Affected Software | Affected Version | How to fix |
---|---|---|
BEAR for WordPress | <=1.1.3.3 | |
The vulnerability associated with CVE-2023-4943 is Missing Authorization in the BEAR for WordPress plugin.
The severity of CVE-2023-4943 is medium with a severity score of 4.3.
An authenticated attacker (subscriber or higher) can exploit CVE-2023-4943 to manipulate products in the BEAR for WordPress plugin.
Versions up to and including 1.1.3.3 of the BEAR for WordPress plugin are affected by CVE-2023-4943.
Upgrading to a version beyond 1.1.3.3 of the BEAR for WordPress plugin will fix CVE-2023-4943.
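The bug class described above (a WordPress AJAX handler with no capability check) is fixed with the pattern below. This is an added example, not code from the BEAR plugin or from this advisory. Assumptions: the handler name `myplugin_bulk_visibility`, the nonce action `myplugin_bulk`, the request fields, and the choice of a catalog-visibility update as the protected operation are all hypothetical; WooCommerce is assumed to be active.

```php
<?php
// Hypothetical plugin code for illustration; no name here is taken from BEAR.

// wp_ajax_{action} fires for ANY logged-in user, subscribers included.
// Registering the hook is therefore not an authorization check.
add_action('wp_ajax_myplugin_bulk_visibility', 'myplugin_bulk_visibility');

function myplugin_bulk_visibility() {
    // 1. CSRF: verify the nonce the admin screen put in the request
    //    (created there with wp_create_nonce('myplugin_bulk')).
    //    Terminates the request with 403 on failure.
    check_ajax_referer('myplugin_bulk', 'nonce');

    // 2. Authorization: the check whose absence defines this bug class.
    //    Without it, a subscriber session reaches the code below.
    if (!current_user_can('manage_woocommerce')) {
        wp_send_json_error(array('message' => 'Forbidden'), 403);
    }

    // 3. Input validation: accept only known visibility values and integer IDs.
    $allowed    = array('visible', 'catalog', 'search', 'hidden');
    $visibility = isset($_POST['visibility'])
        ? sanitize_key(wp_unslash($_POST['visibility']))
        : '';
    if (!in_array($visibility, $allowed, true)) {
        wp_send_json_error(array('message' => 'Invalid visibility'), 400);
    }
    $ids = isset($_POST['product_ids'])
        ? array_map('absint', (array) wp_unslash($_POST['product_ids']))
        : array();

    $updated = 0;
    foreach (array_filter($ids) as $id) {
        // 4. Per-object check: the user must be allowed to edit this product.
        if (!current_user_can('edit_post', $id)) {
            continue;
        }
        $product = wc_get_product($id);
        if (!$product) {
            continue;
        }
        $product->set_catalog_visibility($visibility);
        $product->save();
        $updated++;
    }

    wp_send_json_success(array('updated' => $updated));
}
```

When auditing a plugin for this class of issue, list every `wp_ajax_` registration and confirm each callback reaches a `current_user_can()` call before it reads or writes data.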