Name of the Vulnerable Software and Affected Versions:

GoHero Store Customizer for WooCommerce plugin for WordPress versions up to, and including, 3.5

Description:

The issue allows unauthorized modification of data due to a missing capability check on the `wooh action settings save frontend()` function. This makes it possible for unauthenticated attackers to update limited plugin settings.

Recommendations:

For versions up to, and including, 3.5, update to a version that includes a fix for the missing capability check in the `wooh action settings save frontend()` function.

As a temporary workaround, consider restricting access to the `wooh action settings save frontend()` function until a patch is available.