BEAR Bulk Editor and Products Manager Professional for WooCommerce Cross-Site Request Forgery Vulnerability

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the BEAR - Bulk Editor and Products Manager Professional for WooCommerce plugin by Pluginus.Net. It affects all versions through 1.1.5 and stems from inadequate nonce validation in the woobe_redraw_table_row() function. As a result, unauthenticated attackers can manipulate WooCommerce product data, including prices and descriptions, by tricking an administrator or shop manager into clicking a link that sends a forged request.

Impact

Exploitation of this vulnerability allows for unauthorized modification of WooCommerce product data, including prices and descriptions.

Reproduction

To reproduce this vulnerability, an attacker must trick a site administrator or shop manager into clicking a link that initiates a request to the woobe_redraw_table_row() function without the required nonce. This can be done by creating a forged request that appears to come from a trusted source.

Remediation

Users are advised to update the plugin to version 1.1.6 or later, where this vulnerability has been patched.
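
For developers maintaining similar WordPress AJAX handlers, the following added example (not code from the BEAR plugin or its patch) shows one way a handler that edits product data can enforce a nonce check and a capability check before changing anything. The action name, script handle, file name and request field names are hypothetical.

```php
<?php
// Added illustration, not code from the BEAR plugin. The action name,
// script handle, file name and request field names are hypothetical.
const EXAMPLE_ACTION = 'example_redraw_row';

// Hook only wp_ajax_ (logged-in users); no wp_ajax_nopriv_ registration.
add_action( 'wp_ajax_' . EXAMPLE_ACTION, 'example_redraw_row' );

function example_redraw_row() {
    // CSRF check: the request must carry a nonce minted for this action and
    // this user's session. With $stop = false the call returns false on
    // failure, so the handler can answer with an explicit 403.
    if ( ! check_ajax_referer( EXAMPLE_ACTION, 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or missing nonce' ), 403 );
    }

    // Authorization check: a valid nonce proves intent, not permission.
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions' ), 403 );
    }

    // Read state-changing input from the POST body only, and sanitize it.
    $product_id = isset( $_POST['product_id'] ) ? absint( $_POST['product_id'] ) : 0;
    $price      = isset( $_POST['regular_price'] )
        ? wc_format_decimal( wp_unslash( $_POST['regular_price'] ) )
        : '';

    $product = $product_id ? wc_get_product( $product_id ) : false;
    if ( ! $product || '' === $price ) {
        wp_send_json_error( array( 'message' => 'Bad request' ), 400 );
    }

    $product->set_regular_price( $price );
    $product->save();
    wp_send_json_success( array(
        'id'            => $product_id,
        'regular_price' => $product->get_regular_price(),
    ) );
}

// Admin side: pass a fresh nonce to the editor script, which must send it
// back as the "nonce" field of every AJAX request it makes.
add_action( 'admin_enqueue_scripts', function () {
    wp_enqueue_script( 'example-editor', plugins_url( 'editor.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-editor', 'exampleEditor', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( EXAMPLE_ACTION ),
    ) );
} );
```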

Added: Apr 8, 2026, 12:57 PM
Updated: Apr 8, 2026, 12:57 PM

Vulnerability Rating

Custom Algorithm

spread: 2.2
impact: 0.6
exploitability: 7.4
remediation: 7.7
relevance: 5.5
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.