CVE-2018-11579

Name of the Vulnerable Software and Affected Versions WooCommerce Category Banner Management plugin version 1.1.0

Description The issue is related to an Unauthenticated Settings Change, allowing anyone to modify the plugin's settings by sending a request with a wbm save shop page banner data action. This is due to certain wp ajax nopriv usage in the class-woo-banner-management.php file.

Recommendations For version 1.1.0, consider disabling the wp ajax nopriv usage related to the wbm save shop page banner data action until a patch is available. Restrict access to the class-woo-banner-management.php file to minimize the risk of exploitation. Avoid using the wbm save shop page banner data action in the affected API endpoint until the issue is resolved.