PT-2023-31219 · WordPress · Bear
Marco Wotschka
·
Publicado
2023-10-19
·
Atualizado
2023-10-25
·
CVE-2023-4943
CVSS v3.1
4.3
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
The BEAR for WordPress versions up to, and including, 1.1.3.3
Description
The issue is related to Missing Authorization. This is due to a missing capability check on the
woobe bulkoperations visibility function, making it possible for authenticated attackers (subscriber or higher) to manipulate products.Recommendations
For versions up to, and including, 1.1.3.3, update to a version that includes a fix for the missing capability check on the
woobe bulkoperations visibility function.
As a temporary workaround, consider restricting access to the woobe bulkoperations visibility function until a patch is available.Correção
Missing Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Bear