Description
WordPress Plugin YITH WooCommerce Cart Messages is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently modify plugin options. WordPress Plugin YITH WooCommerce Cart Messages version 1.4.3 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.4.5 or latest
References
https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-plugin-framework/
https://plugins.svn.wordpress.org/yith-woocommerce-cart-messages/trunk/README.txt
Related Vulnerabilities
Oracle JRE CVE-2012-5084 Vulnerability (CVE-2012-5084)
WordPress Plugin All 404 Redirect to Homepage Cross-Site Scripting (1.20)
MySQL CVE-2019-2810 Vulnerability (CVE-2019-2810)
WordPress Plugin WA Form Builder SQL Injection (1.1)
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-8624)