Unauthenticated Settings Change Vulnerability in MULTIDOTS WooCommerce Category Banner Management Plugin

CVE-2018-11579 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

class-woo-banner-management.php in the MULTIDOTS WooCommerce Category Banner Management plugin 1.1.0 for WordPress has an unauthenticated settings change vulnerability, related to certain wp_ajax_nopriv_ usage. WordPress runs handlers registered under a wp_ajax_nopriv_ hook for requests from visitors who are not logged in, so anyone can change the plugin's settings by sending a request with the wbm_save_shop_page_banner_data action.
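A way to audit plugin source for this pattern, as an added example that is not the plugin's code or part of the original advisory: it lists wp_ajax_nopriv_ hooks whose handler writes state without a current_user_can check. The PHP sample, the handler names save_banner and guarded_save, and the demo_banner option are constructed for illustration; only the action name and the hook prefix come from the advisory.

```python
import re

# Constructed sample, not the plugin's real source.
SAMPLE_PHP = r"""<?php
add_action( 'wp_ajax_wbm_save_shop_page_banner_data', 'save_banner' );
add_action( 'wp_ajax_nopriv_wbm_save_shop_page_banner_data', 'save_banner' );
add_action( 'wp_ajax_nopriv_demo_guarded', array( $this, 'guarded_save' ) );
function save_banner() {
    update_option( 'demo_banner', $_POST['banner'] );
    wp_die();
}
function guarded_save() {
    check_ajax_referer( 'demo_nonce' );
    if ( ! current_user_can( 'manage_options' ) ) { wp_die( -1, 403 ); }
    update_option( 'demo_banner', sanitize_text_field( $_POST['banner'] ) );
    wp_die();
}
"""

# add_action('wp_ajax_nopriv_<action>', 'fn') or array($obj, 'fn') / [$obj, 'fn']
HOOK_RE = re.compile(
    r"add_action\(\s*['\"]wp_ajax_nopriv_(\w+)['\"]\s*,\s*"
    r"(?:(?:array\s*\(|\[)\s*\$\w+\s*,\s*)?['\"](\w+)['\"]")
# WordPress core functions that persist state
WRITE_RE = re.compile(r"\b(update_option|add_option|delete_option|update_post_meta|update_term_meta)\s*\(")

def function_body(src, name):
    """Return the text between the braces of `function name(...)`, or None."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", src)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(src) and depth:  # naive matching: ignores braces inside strings
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[m.end():i - 1]

def audit_nopriv_handlers(src):
    """Flag handlers reachable without login that write state with no capability check."""
    findings = []
    for action, callback in HOOK_RE.findall(src):
        body = function_body(src, callback)
        if body is None:
            continue  # handler is defined in another file
        writes = sorted(set(WRITE_RE.findall(body)))
        if writes and "current_user_can" not in body:
            nonce = bool(re.search(r"check_ajax_referer|wp_verify_nonce", body))
            findings.append({"action": action, "callback": callback, "writes": writes, "nonce_checked": nonce})
    return findings
```

Calling audit_nopriv_handlers(SAMPLE_PHP) reports only the wbm_save_shop_page_banner_data hook; the guarded handler is not flagged. A hit is a lead for manual review, since the check is textual and a capability test may live in a helper the handler calls.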