CVE-2023-39158: 
WordPress vulnerability analysis and mitigation

The Cross-Site Request Forgery (CSRF) vulnerability affects theDotstore Banner Management For WooCommerce plugin versions 2.4.2 and below. The vulnerability was discovered on July 26, 2023, and was assigned CVE-2023-39158. The issue was fixed in version 2.4.3 of the plugin (Patchstack).

The vulnerability stems from the plugin's lack of CSRF protection when updating its Shop Banner settings. It has been classified as CWE-352 (Cross-Site Request Forgery). The vulnerability received a CVSS v3.1 base score of 6.5 (MEDIUM) from NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N, while Patchstack assigned it a score of 4.3 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N (WPScan).

The vulnerability could allow attackers to make logged-in administrators perform unwanted actions via a CSRF attack, specifically related to Shop Banner settings updates (WPScan).

The vulnerability has been fixed in version 2.4.3 of the Banner Management For WooCommerce plugin. Users are advised to update to this version or later to remove the vulnerability (Patchstack).