CVSS 3.1 Score 4.3 of 10 (medium)


Published Oct 18, 2023
Updated: Nov 7, 2023
CWE ID 862


CVE-2023-4938 is a vulnerability in the BEAR plugin for WordPress, affecting versions up to and including The vulnerability arises from a missing capability check on the woobe_bulkoperations_apply_default_combination function, enabling authenticated attackers (with subscriber-level or higher access) to manipulate products. It has a risk score of 5 and a base severity of MEDIUM. The affected products include various versions of the BEAR plugin. The potential danger posed by this vulnerability is that it allows unauthorized product manipulation within WordPress, potentially leading to unauthorized changes or malicious actions within an organization's website or e-commerce platform. Remediation should involve updating the affected plugin to a patched version once available, as well as closely monitoring and managing user access levels within WordPress to minimize the potential for exploitation.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-4938 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options