Description
WordPress Plugin YITH Pre-Order for WooCommerce is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently modify plugin options. WordPress Plugin YITH Pre-Order for WooCommerce version 1.1.9 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.2.1 or latest
References
https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-plugin-framework/
https://plugins.svn.wordpress.org/yith-pre-order-for-woocommerce/trunk/readme.txt
Related Vulnerabilities
WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.18)
WordPress Plugin WP Hotel Booking SQL Injection (2.1.0)
WordPress Plugin twimp-wp-twitter multi publisher Cross-Site Request Forgery (0.1)
WordPress Plugin A. Gallery TimThumb Arbitrary File Upload (0.9rev378511)
WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler SQL Injection (6.3.0)