VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 21 known issues Latest disclosed Apr 07, 2026

BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net Vulnerabilities

Review known vulnerability records for the WordPress plugin BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net (`woo-bulk-editor`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-1672, CVE-2026-1673 and CVE-2025-26775, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
21
High or Critical
0
Patch Coverage
100%
Last Updated
Apr 08, 2026
Priority CVE Quick Links

Fast paths into BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
21
CVE-2026-1672 Medium 1.1.6
CVE-2026-1672 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net Cross-Site Request Forgery

BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.5 - Cross-Site Request Forgery to Product Data Modification

CVE-2023-33314 Medium 1.1.3.2
CVE-2023-33314 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net Cross-Site Request Forgery

BEAR <= 1.1.3.1 - Cross-Site Request Forgery via Multiple Functions

CVE-2024-30200 Medium 1.1.4.3
CVE-2024-30200 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net Cross-Site Scripting

BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.4.2 - Reflected Cross-Site Scripting

CVE-2025-26775 Medium 1.1.4.5
CVE-2025-26775 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net Stored Cross-Site Scripting

BEAR <= 1.1.4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE-2024-24834 Medium 1.1.4.1
CVE-2024-24834 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net Stored Cross-Site Scripting

BEAR <= 1.1.4 - Authenticated (Shop manager+) Stored Cross-Site Scripting via Plugin Options

CVE-2023-4924 Medium 1.1.4
CVE-2023-4924 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net Cross-Site Request Forgery

BEAR <= 1.1.3.3 - Missing Authorization to Product Deletion

CVE-2023-4926 Medium 1.1.4
CVE-2023-4926 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net Cross-Site Request Forgery

BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Deletion

CVE-2023-4923 Medium 1.1.4
CVE-2023-4923 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net Cross-Site Request Forgery

BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Deletion

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
21 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 0 high severity findings.
Recent CVEs
CVE-2026-1672, CVE-2026-1673 and CVE-2025-26775
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2026-1672
CVE-2026-1672: BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.5 - Cross-Site Request Forgery to Product Data Modification

The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the woobe_redraw_table_row() function....

Published
Apr 07, 2026
Patched Release
1.1.6
Affected Versions
Versions up to 1.1.5
Next Step
Update to 1.1.6 or newer if supported.
Open CVE-2026-1672 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2026-1673
CVE-2026-1673: BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.5 - Cross-Site Request Forgery to Taxonomy Term Deletion

The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the woobe_delete_tax_term() function....

Published
Apr 07, 2026
Patched Release
1.1.6
Affected Versions
Versions up to 1.1.5
Next Step
Update to 1.1.6 or newer if supported.
Open CVE-2026-1673 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-26775
CVE-2025-26775: BEAR <= 1.1.4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

The BEAR plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to injec...

Published
Feb 14, 2025
Patched Release
1.1.4.5
Affected Versions
Versions up to 1.1.4.4
Next Step
Update to 1.1.4.5 or newer if supported.
Open CVE-2025-26775 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-31430
CVE-2024-31430: BEAR <= 1.1.4.1 & WOLF <= 1.0.8.1 - Cross-Site Request Forgery to Notice Dismissal

Multiple plugins and/or themes for WordPress are vulnerable to Cross-Site Request Forgery in various versions. This is due to missing or incorrect nonce validation on the admin_init() hook. This makes it possible for unauthenticated attackers to dismiss notices via a forged reque...

Published
Apr 10, 2024
Patched Release
1.1.4.2
Affected Versions
Versions up to 1.1.4.1
Next Step
Update to 1.1.4.2 or newer if supported.
Open CVE-2024-31430 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-30463
CVE-2024-30463: BEAR <= 1.1.4.3 - Missing Authorization

The BEAR plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woobe_update_page_field() function in versions up to, and including, 1.1.4.3. This makes it possible for unauthenticated attackers to update page details.

Published
Mar 28, 2024
Patched Release
1.1.4.4
Affected Versions
Versions up to 1.1.4.3
Next Step
Update to 1.1.4.4 or newer if supported.
Open CVE-2024-30463 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-30200
CVE-2024-30200: BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.4.2 - Reflected Cross-Site Scripting

The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.1.4.2 due to insufficient input sanitization and output escaping. This makes it po...

Published
Mar 26, 2024
Patched Release
1.1.4.3
Affected Versions
Versions up to 1.1.4.2
Next Step
Update to 1.1.4.3 or newer if supported.
Open CVE-2024-30200 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-24834
CVE-2024-24834: BEAR <= 1.1.4 - Authenticated (Shop manager+) Stored Cross-Site Scripting via Plugin Options

The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin options in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. Th...

Published
Feb 02, 2024
Patched Release
1.1.4.1
Affected Versions
Versions up to 1.1.4
Next Step
Update to 1.1.4.1 or newer if supported.
Open CVE-2024-24834 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-24835
CVE-2024-24835: BEAR <= 1.1.4 - Missing Authorization via Several Functions

The BEAR plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in the /ext/history/history.php file in versions up to, and including, 1.1.4. This makes it possible for authenticated attackers, with subscriber-level access...

Published
Feb 02, 2024
Patched Release
1.1.4.1
Affected Versions
Versions up to 1.1.4
Next Step
Update to 1.1.4.1 or newer if supported.
Open CVE-2024-24835 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-4920
CVE-2023-4920: BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_save_options function. This makes it possible for unauthenticated attackers to modify the plugin's setti...

Published
Sep 25, 2023
Patched Release
1.1.4
Affected Versions
Versions up to 1.1.3.3
Next Step
Update to 1.1.4 or newer if supported.
Open CVE-2023-4920 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-4942
CVE-2023-4942: BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation

The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_visibility function. This makes it possible for unauthenticated attackers to manipulate p...

Published
Sep 25, 2023
Patched Release
1.1.4
Affected Versions
Versions up to 1.1.3.3
Next Step
Update to 1.1.4 or newer if supported.
Open CVE-2023-4942 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-4924
CVE-2023-4924: BEAR <= 1.1.3.3 - Missing Authorization to Product Deletion

The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to missing capability checks on the woobe_bulkoperations_delete function. This makes it possible for authenticated attackers, with subscriber access or higher, to...

Published
Sep 25, 2023
Patched Release
1.1.4
Affected Versions
Versions up to 1.1.3.3
Next Step
Update to 1.1.4 or newer if supported.
Open CVE-2023-4924 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-4940
CVE-2023-4940: BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation

The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_swap function. This makes it possible for unauthenticated attackers to manipulate product...

Published
Sep 25, 2023
Patched Release
1.1.4
Affected Versions
Versions up to 1.1.3.3
Next Step
Update to 1.1.4 or newer if supported.
Open CVE-2023-4940 Report Open CVE Reference