Banner Management For WooCommerce, CVE-2018-11579

CVE, Research URL: CVE-2018-11579
Home page URL: Security reports for Banner Management For WooCommerce
Application: Banner Management For WooCommerce
Published on: May 31, 2018
Research Description: class-woo-banner-management.php in the MULTIDOTS WooCommerce Category Banner Management plugin 1.1.0 for WordPress has an Unauthenticated Settings Change Vulnerability, related to certain wp_ajax_nopriv_ usage. Anyone can change the plugin's setting by simply sending a request with a wbm_save_shop_page_banner_data action.
Affected versions: max 2.4.1.
Status: vulnerable