WOLF – WordPress Posts Bulk Editor and Manager Professional WordPress Plugin Security Vulnerabilities | WPScan

13

March 2, 2026

5000

Published

2026-03-12

Title

WOLF – WordPress Posts Bulk Editor and Manager Professional < 1.0.9 - Authenticated (Editor+) SQL Injection

Fixed in

Fixed in 1.0.9

CVSS

4.9 (medium)

Published

2024-12-27

Title

WOLF – WordPress Posts Bulk Editor and Manager Professional < 1.0.8.6 - Authenticated (Editor+) Path Traversal

Fixed in

Fixed in 1.0.8.6

CVSS

2.7 (low)

Published

2024-11-11

Title

WOLF < 1.0.8.4 - Authenticated (Editor+) CSV Path Traversal

Fixed in

Fixed in 1.0.8.4

CVSS

2.7 (low)

Published

2024-05-07

Title

WOLF – WordPress Posts Bulk Editor and Manager Professional < 1.0.8.3 - Authenticated (Admin+) Stored Cross-Site Scripting

Fixed in

Fixed in 1.0.8.3

CVSS

4.4 (medium)

Published

2024-04-10

Title

BEAR <= 1.1.4.1 & WOLF <= 1.0.8.1 - Cross-Site Request Forgery to Notice Dismissal

Fixed in

Fixed in 1.0.8.2

CVSS

5.3 (medium)

Published

2024-01-30

Title

WOLF – WordPress Posts Bulk Editor and Manager Professional < 1.0.8.2 - Cross-Site Request Forgery

Fixed in

Fixed in 1.0.8.2

CVSS

5.4 (medium)

Published

2024-01-30

Title

WOLF – WordPress Posts Bulk Editor and Manager Professional < 1.0.8.2 - Missing Authorization

Fixed in

Fixed in 1.0.8.2

CVSS

4.3 (medium)

Published

2024-01-16

Title

WOLF < 1.0.8.1 - Unauthenticated Stored Cross-Site Scripting via profile_title

Fixed in

Fixed in 1.0.8.1

CVSS

6.1 (medium)

Published

2023-10-17

Title

WOLF < 1.0.7.2 - Cross-Site Request Forgery (CSRF)

Fixed in

Fixed in 1.0.7.2

CVSS

4.3 (medium)

Published

2023-10-17

Title

WOLF < 1.0.7.2 - Admin+ Stored XSS

Fixed in

Fixed in 1.0.7.2

CVSS

3.5 (low)

Published

2023-05-29

Title

WOLF < 1.0.7.1 - Profile Creation via CSRF

Fixed in

Fixed in 1.0.7.1

CVSS

4.3 (medium)

Published

2023-05-29

Title

WOLF < 1.0.7.1 - Profile Creation via CSRF

Fixed in

Fixed in 1.0.7.1

CVSS

4.3 (medium)

Published

2023-05-03

Title

WOLF < 1.0.7 - Subscriber+ Stored XSS

Fixed in

Fixed in 1.0.7

CVSS

8.0 (high)