Description
WordPress Plugin YITH WooCommerce Advanced Reviews is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently modify plugin options. WordPress Plugin YITH WooCommerce Advanced Reviews version 1.3.9 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.4.0 or latest
References
https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-plugin-framework/
https://plugins.svn.wordpress.org/yith-woocommerce-advanced-reviews/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Wonder Video Embed Cross-Site Scripting (1.7)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2359)
Moodle URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-14831)
WordPress Plugin Advanced Order Export For WooCommerce Cross-Site Scripting (3.1.7)
Oracle Database Server CVE-2004-2345 Vulnerability (CVE-2004-2345)