Description
WordPress Plugin YITH WooCommerce Badge Management is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently modify plugin options. WordPress Plugin YITH WooCommerce Badge Management version 1.3.19 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.3.21 or latest
References
https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-plugin-framework/
https://plugins.svn.wordpress.org/yith-woocommerce-badges-management/trunk/README.txt
Related Vulnerabilities
WordPress Plugin CopySafe PDF Protection Unspecified Vulnerability (1.10)
WordPress Plugin Baggage Freight Shipping Australia Arbitrary File Upload (0.1.0)
Drupal Core 5.x Multiple Security Bypass Vulnerabilities (5.0 - 5.10)
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-10678)
WordPress Plugin Xorbin Digital Flash Clock Cross-Site Scripting (1.0)