CVSS 3.1 Score 4.3 of 10 (medium)


Published Oct 20, 2023
Updated: Nov 7, 2023
CWE ID 352


CVE-2023-4923, a vulnerability categorized as CWE-352 (Cross-Site Request Forgery), affects the BEAR for WordPress plugin in versions up to and including The vulnerability arises from missing or incorrect nonce validation on the woobe_bulkoperations_delete function, enabling unauthenticated attackers to delete products through a forged request if they can deceive a site administrator into taking an action like clicking on a link. This vulnerability poses a medium risk with a base severity of 4.3 and an exploitability score of 2.8 according to the National Vulnerability Database (NVD). The affected products include various versions of the BEAR for WordPress plugin. It is crucial for organizations using this plugin to remediate this vulnerability promptly to prevent potential unauthorized deletion of products and maintain the integrity of their websites.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-4923 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options