Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
Cross-Site Request Forgery (CSRF) vulnerability in PluginUs.Net BEAR allows Cross Site Request Forgery.
This issue affects BEAR: from n/a through 1.1.5.
AnalysisAI
Cross-site request forgery (CSRF) in PluginUs.Net BEAR plugin versions up to 1.1.5 allows unauthenticated remote attackers to perform unauthorized actions on behalf of authenticated users through crafted web requests. The vulnerability requires user interaction (clicking a malicious link) but can modify application state without the user's knowledge or consent. No active exploitation has been publicly confirmed at the time of analysis.
Technical ContextAI
CSRF vulnerabilities arise when an application fails to implement proper anti-CSRF tokens or validation mechanisms (CWE-352). The BEAR plugin, identified via CPE cpe:2.3:a:pluginus.net:bear:*:*:*:*:*:*:*:*, appears to be a WordPress plugin for bulk editing operations. When a WordPress plugin lacks CSRF protection on state-changing operations (POST, PUT, DELETE requests), an attacker can forge requests that execute in the context of an authenticated user's browser session, allowing unauthorized modifications to site data, settings, or content without the user's explicit consent.
RemediationAI
Upgrade PluginUs.Net BEAR plugin to version 1.1.6 or later once released by the vendor. Until a patched version is available, apply these compensating controls: (1) Implement WordPress security plugins that provide CSRF token enforcement (e.g., Wordfence, Sucuri) with minimal performance impact, (2) Restrict plugin access to trusted user roles only and limit administrative functions to specific IP addresses or VPN networks to reduce social engineering surface, (3) Disable the BEAR plugin entirely if bulk editing is not actively in use, or (4) Monitor WordPress audit logs for unexpected state changes via the plugin. Check the Patchstack advisory at https://patchstack.com/database/wordpress/plugin/woo-bulk-editor/vulnerability/wordpress-bear-plugin-1-1-5-cross-site-request-forgery-csrf-vulnerability for patch availability and release timeline.
Blind SQL injection in BEAR woo-bulk-editor plugin for WordPress up to version 1.1.7.1 allows high-privilege authenticat
Reflected/stored cross-site scripting in the WordPress plugin BEAR (realmag777's WooCommerce Bulk Editor and Products Ma
Same weakness CWE-352 – Cross-Site Request Forgery (CSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-28343
GHSA-94cw-v8xh-fmpm