Description
WordPress Plugin YITH Custom Thank You Page for Woocommerce is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently modify plugin options. WordPress Plugin YITH Custom Thank You Page for Woocommerce version 1.1.6 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.1.8 or latest
References
https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-plugin-framework/
https://plugins.svn.wordpress.org/yith-custom-thank-you-page-for-woocommerce/trunk/readme.txt
Related Vulnerabilities
Drupal Core 4.5.x Security Bypass (4.5.0 - 4.5.7)
WordPress Plugin Themify Portfolio Post Cross-Site Scripting (1.1.5)
PHP Resource Management Errors Vulnerability (CVE-2011-3267)
WordPress Plugin Juiz Social Post Sharer Multiple Cross-Site Scripting Vulnerabilities (1.3.3.7)
WordPress Plugin Photo Gallery by Ays-Responsive Image Gallery SQL Injection (4.4.3)