Pluginus.Net BEAR - Bulk Editor and Products Manager Professional
Moderate fix1 remedy
cpe:2.3:a:pluginus:bear_-_woocommerce_bulk_editor_and_products_manager_professional:*:*:*:*:wordpress:*:*
Moderate fix1 remedy
- <= 1.1.5
BEAR Bulk Editor and Products Manager Professional for WooCommerce Cross-Site Request Forgery Vulnerability
Vulnerability
Patched
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net, affecting all versions through 1.1.5. The vulnerability arises from inadequate nonce validation in the 'woobe_delete_tax_term()' function, allowing unauthenticated attackers to delete WooCommerce taxonomy terms, such as categories and tags. Exploitation requires tricking a site administrator or shop manager into clicking a link that initiates the deletion.
Impact
Exploitation of this vulnerability allows for Cross-Site Request Forgery, enabling the unauthorized deletion of WooCommerce taxonomy terms.
Reproduction
To reproduce this vulnerability, an attacker must send a forged request to the 'woobe_delete_tax_term()' function without a valid nonce. This can be done by tricking an administrator or shop manager into clicking a link that activates the request, such as through a phishing email or a malicious website.
Remediation
Users are advised to update the plugin to version 1.1.6 or later, where this vulnerability has been patched.
Added: Apr 8, 2026, 1:08 PM
Updated: Apr 8, 2026, 1:08 PM
Vulnerability Rating
Custom Algorithm
spread
2.2impact
0.6exploitability
7.4remediation
7.7relevance
5.5threat
4.8urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.