Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
WooCommerce Category Banner Management allows Malicious Data Injection
CVE-2026-22354
Summary
An attacker can inject malicious data into WooCommerce category banners, potentially causing untrusted data to be executed. This issue affects WooCommerce Category Banner Management, which is used to display banners on WooCommerce category pages. To fix this, update to a version of WooCommerce Category Banner Management that is 2.5.2 or later.
Original title
Deserialization of Untrusted Data vulnerability in Dotstore Woocommerce Category Banner Management banner-management-for-woocommerce allows Object Injection.This issue affects Woocommerce Category ...
Original description
Deserialization of Untrusted Data vulnerability in Dotstore Woocommerce Category Banner Management banner-management-for-woocommerce allows Object Injection.This issue affects Woocommerce Category Banner Management: from n/a through <= 2.5.1.
nvd CVSS3.1
8.8
Vulnerability type
CWE-502
Deserialization of Untrusted Data
Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026