CVE-2023-4941: 
WordPress vulnerability analysis and mitigation

The BEAR (Bulk Editor and Products Manager Professional) for WordPress plugin contains a Missing Authorization vulnerability (CVE-2023-4941) affecting versions up to and including 1.1.3.3. The vulnerability was discovered and publicly disclosed on September 25, 2023 (Wordfence).

The vulnerability stems from a missing capability check in the woobe_bulkoperations_swap function. This security flaw has been assigned a CVSS v3.1 base score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N. The vulnerability is classified as CWE-862 (Missing Authorization) (NVD).

The vulnerability allows authenticated attackers with subscriber-level access or higher to manipulate products in the WooCommerce store. This unauthorized access to product manipulation functionality could potentially lead to unauthorized modifications of product information (NVD).

Website administrators running affected versions of the BEAR plugin should update to a version newer than 1.1.3.3 which contains the security fix. The vulnerability was addressed by implementing proper capability checks on the affected function (Wordfence).