Vulnerabilities and security researches forbanner-management-for-woocommerce banner-management-for-woocommerce

Jun 07, 2024

CVE, Research URL: CVE-2018-11579
Home page URL: Security reports for Banner Management For WooCommerce
Application: Banner Management For WooCommerce
Date: May 31, 2018
Research Description: class-woo-banner-management.php in the MULTIDOTS WooCommerce Category Banner Management plugin 1.1.0 for WordPress has an Unauthenticated Settings Change Vulnerability, related to certain wp_ajax_nopriv_ usage. Anyone can change the plugin's setting by simply sending a request with a wbm_save_shop_page_banner_data action.
Affected versions: max 2.4.1.
Status: vulnerable

CVE, Research URL: CVE-2023-39158
Home page URL: Security reports for Banner Management For WooCommerce
Application: Banner Management For WooCommerce
Date: Oct 03, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Banner Management For WooCommerce plugin <= 2.4.2 versions.
Affected versions: max 2.4.3.
Status: vulnerable

Nov 15, 2024

CVE, Research URL: CVE-2022-4974
Home page URL: Security reports for Banner Management For WooCommerce
Application: Banner Management For WooCommerce
Date: Oct 16, 2024
Research Description: The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions: max 2.2.3.
Status: vulnerable

Feb 28, 2026

CVE, Research URL: CVE-2026-22354
Home page URL: Security reports for Banner Management For WooCommerce
Application: Banner Management For WooCommerce
Date: Feb 20, 2026
Research Description: Deserialization of Untrusted Data vulnerability in Dotstore Woocommerce Category Banner Management banner-management-for-woocommerce allows Object Injection.This issue affects Woocommerce Category Banner Management: from n/a through <= 2.5.1.
Affected versions: max 2.5.1.
Status: vulnerable