1 results (0.005 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

class-woo-banner-management.php in the MULTIDOTS WooCommerce Category Banner Management plugin 1.1.0 for WordPress has an Unauthenticated Settings Change Vulnerability, related to certain wp_ajax_nopriv_ usage. Anyone can change the plugin's setting by simply sending a request with a wbm_save_shop_page_banner_data action. class-woo-banner-management.php en el plugin MULTIDOTS WooCommerce Category Banner Management 1.1.0 para WordPress tiene una vulnerabilidad de cambio de configuración sin autenticación, relacionada con un uso concreto de wp_ajax_nopriv_. Cualquier persona puede cambiar la configuración del plugin simplemente enviando una petición con una acción wbm_save_shop_page_banner_data. • http://labs.threatpress.com/unauthenticated-settings-change-vulnerability-in-woocommerce-category-banner-management-plugin https://wordpress.org/plugins/banner-management-for-woocommerce/#developers • CWE-287: Improper Authentication CWE-862: Missing Authorization •