The BEAR – Bulk Editor and Products Manager Professional for WooCommerce plugin suffers from a CSRF vulnerability because the woobe_redraw_table_row() function lacks nonce validation. This allows attackers to craft malicious requests that, if executed by an authenticated administrator or shop manager, can modify WooCommerce product details without proper authorization. The vulnerability affects all plugin versions up to 1.1.5. The CVSS 3.1 base score is 6.5, reflecting network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, no confidentiality impact, high integrity impact, and no availability impact. No patch or official fix has been documented, and no known exploitation has been reported.

An attacker can cause unauthorized modification of WooCommerce product data, including prices and descriptions, by exploiting the CSRF vulnerability. This can lead to integrity violations of product information on affected sites. There is no direct confidentiality or availability impact reported. The attack requires tricking an authenticated user with sufficient privileges to perform an action, such as clicking a malicious link.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, administrators should be cautious about clicking on untrusted links while logged into the WordPress admin interface. Implementing additional CSRF protections or using security plugins that enforce nonce validation may help mitigate risk. Monitor vendor channels for updates and apply patches promptly once available.