Description
WordPress Plugin YITH Custom Thank You Page for Woocommerce is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently modify plugin options. WordPress Plugin YITH Custom Thank You Page for Woocommerce version 1.1.6 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.1.8 or latest
References
https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-plugin-framework/
https://plugins.svn.wordpress.org/yith-custom-thank-you-page-for-woocommerce/trunk/readme.txt
Related Vulnerabilities
MySQL CVE-2016-9841 Vulnerability (CVE-2016-9841)
WordPress Plugin Custom Text Selection Colors Cross-Site Scripting (1.0)
WordPress Plugin AVH Extended Categories Widgets SQL Injection (4.0.0)
Magento Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-7888)
WordPress Plugin Export any WordPress data to XML/CSV Cross-Site Scripting (1.3.0)