CVE-2018-11579

Woocommerce Category Banner Management <= 1.1.0 - Missing Authorization

mediumMissing Authorization

6.5

CVSS Score

6.5

CVSS Score

medium

Severity

1.1.1

Patched in

2065d

Time to patch

Description

class-woo-banner-management.php in the MULTIDOTS WooCommerce Category Banner Management plugin 1.1.0 for WordPress has an Unauthenticated Settings Change Vulnerability, related to certain wp_ajax_nopriv_ usage. Anyone can change the plugin's setting by simply sending a request with a wbm_save_shop_page_banner_data action.

CVSS Vector Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

None

Confidentiality

Low

Integrity

Low

Availability

Technical Details

Affected versions<=1.1.0

PublishedMay 29, 2018

Last updatedJanuary 22, 2024

Affected pluginbanner-management-for-woocommerce

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/7d02bed5-c45b-46db-a2c2-9c741f8b1dc5?source=api-prod

Check if your site is affected.

Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.

Run free audit Browse CVE database