What is the CVSS score of EUVD-2026-29455?

EUVD-2026-29455 has a CVSS 3.1 base score of 7.6 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L. EPSS exploitation probability: 0.0%.

Which versions of BEAR woo-bulk-editor are affected by EUVD-2026-29455?

CVE-2026-45213 is a blind SQL injection vulnerability in the BEAR woo-bulk-editor WordPress plugin (versions up to 1.1.7.1) that permits authenticated administrators to extract sensitive database…

How to fix or mitigate EUVD-2026-29455?

Within 24 hours: Audit active administrators in WordPress installations running woo-bulk-editor ≤1.1.7.1 and review recent admin authentication logs. Within 7 days: Disable or remove the woo-bulk-editor plugin pending a security update; consider alternative bulk editing solutions. Within 30 days: Monitor Patchstack and official plugin channels for a patched version, and implement database access controls (e.g., restrict WordPress user database queries to essential tables only) to limit lateral movement if an admin account is compromised.

BEAR woo-bulk-editor EUVD-2026-29455

| CVE-2026-45213 HIGH

SQL Injection (CWE-89)

2026-05-12 Patchstack

GHSA-3v6g-g235-cmv9

SQLi

7.6

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

Low

Lifecycle Timeline

Analysis Generated

May 12, 2026 - 11:32 vuln.today

CVE Published

May 12, 2026 - 11:02 nvd

HIGH 7.6

DescriptionNVD

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 BEAR woo-bulk-editor allows Blind SQL Injection.This issue affects BEAR: from n/a through <= 1.1.7.1.

AnalysisAI

Blind SQL injection in BEAR woo-bulk-editor plugin for WordPress up to version 1.1.7.1 allows high-privilege authenticated administrators to extract database contents through specially crafted SQL queries. The scope change in CVSS (S:C) indicates potential impact beyond the plugin itself, enabling access to other WordPress data or resources. …

RemediationAI

Within 24 hours: Audit active administrators in WordPress installations running woo-bulk-editor ≤1.1.7.1 and review recent admin authentication logs. Within 7 days: Disable or remove the woo-bulk-editor plugin pending a security update; consider alternative bulk editing solutions. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-29455 vulnerability details – vuln.today

Back