Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 BEAR woo-bulk-editor allows Blind SQL Injection.This issue affects BEAR: from n/a through <= 1.1.7.1.
Published: 2026-05-12
Score: 7.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an SQL injection flaw that permits attackers to insert malicious SQL statements through unsanitized input, potentially enabling the reading or modification of sensitive database information; it is classified under CWE-89.

Affected Systems

The BEAR woo-bulk-editor plugin from RealMag777, used within WordPress environments, is vulnerable in all releases up to and including version 1.1.7.1.

Risk and Exploitability

With a CVSS score of 7.6, the vulnerability carries moderate severity. The EPSS score is not available and it is not listed in CISA’s KEV catalog. The likely attack vector involves crafted requests to the plugin’s bulk edit interface, which may be accessible to authenticated users or possibly unauthenticated users depending on the site’s configuration. Exploitation would require sufficient access to the WordPress installation, and no vendor‑provided mitigations are indicated, making patching or removal of the affected component essential.

Generated by OpenCVE AI on May 12, 2026 at 12:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the BEAR woo-bulk-editor plugin to a version newer than 1.1.7.1, ensuring the SQL injection fix is in place.
  • If an updated version is not available, remove the plugin or disable its bulk editing features to eliminate the vulnerability.
  • Deploy web application firewall rules that detect and block suspicious SQL fragments targeting the plugin’s endpoints as a temporary safeguard.

Generated by OpenCVE AI on May 12, 2026 at 12:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 13 May 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Realmag777
Realmag777 bear
Wordpress
Wordpress wordpress
Vendors & Products Realmag777
Realmag777 bear
Wordpress
Wordpress wordpress

Tue, 12 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 12 May 2026 11:15:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 BEAR woo-bulk-editor allows Blind SQL Injection.This issue affects BEAR: from n/a through <= 1.1.7.1.
Title WordPress BEAR plugin <= 1.1.7.1 - SQL Injection vulnerability
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L'}

Subscriptions

Realmag777 Bear
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-12T12:40:02.851Z

Reserved: 2026-05-11T14:11:52.757Z

Link: CVE-2026-45213

cve-icon Vulnrichment

Updated: 2026-05-12T12:39:54.642Z

cve-icon NVD

Status : Deferred

Published: 2026-05-12T11:16:20.733

Modified: 2026-05-12T14:03:52.757

Link: CVE-2026-45213

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T10:38:58Z

Weaknesses