CVE-2018-11579 – Woocommerce Category Banner Management <= 1.1.0 - Missing Authorization

https://notcve.org/view.php?id=CVE-2018-11579

class-woo-banner-management.php in the MULTIDOTS WooCommerce Category Banner Management plugin 1.1.0 for WordPress has an Unauthenticated Settings Change Vulnerability, related to certain wp_ajax_nopriv_ usage. Anyone can change the plugin's setting by simply sending a request with a wbm_save_shop_page_banner_data action. class-woo-banner-management.php en el plugin MULTIDOTS WooCommerce Category Banner Management 1.1.0 para WordPress tiene una vulnerabilidad de cambio de configuración sin autenticación, relacionada con un uso concreto de wp_ajax_nopriv_. Cualquier persona puede cambiar la configuración del plugin simplemente enviando una petición con una acción wbm_save_shop_page_banner_data. • http://labs.threatpress.com/unauthenticated-settings-change-vulnerability-in-woocommerce-category-banner-management-plugin https://wordpress.org/plugins/banner-management-for-woocommerce/#developers • CWE-287: Improper Authentication CWE-862: Missing Authorization •