CVE-2019-16251

plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
VendorProductVersion
yithemesyith_woocommerce_wishlist
𝑥
≤ 2.2.13
yithemesyith_woocommerce_compare
𝑥
≤ 2.3.13
yithemesyith_woocommerce_quick_view
𝑥
≤ 1.3.13
yithemesyith_woocommerce_zoom_magnifier
𝑥
≤ 1.3.11
yithemesyith_woocommerce_ajax_search
𝑥
≤ 1.6.9
yithemesyith_woocommerce_badge_management
𝑥
≤ 1.3.19
yithemesyith_woocommerce_brands_add-on
𝑥
≤ 1.3.6
yithemesyith_woocommerce_request_a_quote
𝑥
≤ 1.4.7
yithemesyith_woocommerce_social_login
𝑥
≤ 1.3.4
yithemesyith_woocommerce_order_tracking
𝑥
≤ 1.2.10
yithemesyith_woocommerce_pdf_invoice_and_shipping_list
𝑥
≤ 1.2.12
yithemesyith_pre-order_for_woocommerce
𝑥
≤ 1.1.9
yithemesyith_woocommerce_advanced_reviews
𝑥
≤ 1.3.9
yithemesyith_woocommerce_product_add-ons
𝑥
≤ 1.5.21
yithemesyith_woocommerce_gift_cards
𝑥
≤ 1.3.7
yithemesyith_woocommerce_subscription
𝑥
≤ 1.3.4
yithemesyith_woocommerce_affiliates
𝑥
≤ 1.6.3
yithemesyith_woocommerce_cart_messages
𝑥
≤ 1.4.3
yithemesyith_woocommerce_product_bundles
𝑥
≤ 1.1.15
yithemesyith_woocommerce_frequently_bought_together
𝑥
≤ 1.2.10
yithemesyith_woocommerce_multi-step_checkout
𝑥
≤ 1.7.4
yithemesyith_color_and_label_variations_for_woocommerce
𝑥
≤ 1.8.11
yithemesyith_custom_thank_you_page_for_woocommerce
𝑥
≤ 1.1.6
yithemesyith_product_size_charts_for_woocommerce
𝑥
≤ 1.1.1
yithemesyith_woocommerce_added_to_cart_popup
𝑥
≤ 1.3.11
yithemesyith_woocommerce_bulk_product_editing
𝑥
≤ 1.2.13
yithemesyith_woocommerce_stripe
𝑥
≤ 2.0.1
yithemesyith_woocommerce_waiting_list
𝑥
≤ 1.3.9
yithemesyith_woocommerce_points_and_rewards
𝑥
≤ 1.3.4
yithemesyith_advanced_refund_system_for_woocommerce
𝑥
≤ 1.0.10
yithemesyith_woocommerce_authorize.net_payment_gateway
𝑥
≤ 1.1.12
yithemesyith_woocommerce_best_sellers
𝑥
≤ 1.1.11
yithemesyith_woocommerce_mailchimp
𝑥
≤ 2.1.3
yithemesyith_woocommerce_multi_vendor
𝑥
≤ 3.4.0
yithemesyith_woocommerce_questions_and_answers
𝑥
≤ 1.1.9
yithemesyith_woocommerce_recover_abandoned_cart
𝑥
≤ 1.3.2
yithemesyith_paypal_express_checkout_for_woocommerce
𝑥
≤ 1.2.5
yithemesyith_desktop_notifications_for_woocommerce
𝑥
≤ 1.2.7
𝑥
= Vulnerable software versions
References
https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-plugin-framework/
https://wpvulndb.com/vulnerabilities/9932
https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-plugin-framework/
https://wpvulndb.com/vulnerabilities/9932