CVE-2026-1673

Name of the Vulnerable Software and Affected Versions The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net versions up to and including 1.1.5

Description The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing nonce validation in the woobe delete tax term() function. This allows unauthenticated attackers to delete WooCommerce taxonomy terms (categories, tags, etc.) by exploiting a forged request, requiring a site administrator or shop manager to be tricked into performing an action.

Recommendations Versions up to and including 1.1.5: Update to a version beyond 1.1.5.