Severity by source
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
Lifecycle Timeline
2DescriptionCVE.org
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 BEAR woo-bulk-editor allows Blind SQL Injection.This issue affects BEAR: from n/a through <= 1.1.7.1.
AnalysisAI
Blind SQL injection in BEAR woo-bulk-editor plugin for WordPress up to version 1.1.7.1 allows high-privilege authenticated administrators to extract database contents through specially crafted SQL queries. The scope change in CVSS (S:C) indicates potential impact beyond the plugin itself, enabling access to other WordPress data or resources. No public exploit code or active exploitation indicators identified at time of analysis, but Patchstack public disclosure increases weaponization risk.
Technical ContextAI
BEAR is a WordPress plugin providing bulk editing capabilities for WooCommerce products, developed by RealMag777. The vulnerability manifests as CWE-89 (SQL Injection) where user-controlled input from authenticated administrators is incorporated into SQL queries without proper sanitization or parameterization. The blind SQL injection variant means attackers cannot see query results directly but can infer data through timing-based or boolean-based techniques. The CPE identifier cpe:2.3:a:realmag777:bear confirms the specific vendor and product namespace. SQL injection in WordPress plugins typically occurs when developers use direct database queries via wpdb without prepared statements, allowing attackers to append malicious SQL syntax.
RemediationAI
Update BEAR woo-bulk-editor plugin to version 1.1.7.2 or later if available, verifying release notes address CVE-2026-45213. Check Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/woo-bulk-editor/vulnerability/wordpress-bear-plugin-1-1-7-1-sql-injection-vulnerability for confirmed patched version and installation guidance. If patch not yet released, implement compensating controls: restrict WordPress administrator access to trusted IP addresses via .htaccess or firewall rules, enforce multi-factor authentication for all admin accounts, audit administrator user list and remove unnecessary elevated accounts, enable WordPress database activity logging to detect blind SQL injection patterns (time delays, unusual queries). Consider temporarily disabling the plugin if bulk editing functionality not actively required. Monitor Patchstack and WordPress plugin repository for security updates. Note that IP restrictions may impact legitimate remote administration and MFA adds authentication friction.
Reflected/stored cross-site scripting in the WordPress plugin BEAR (realmag777's WooCommerce Bulk Editor and Products Ma
Cross-site request forgery (CSRF) in PluginUs.Net BEAR plugin versions up to 1.1.5 allows unauthenticated remote attacke
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29455
GHSA-3v6g-g235-cmv9