Description
WordPress Plugin YITH WooCommerce Gift Cards is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently modify plugin options. WordPress Plugin YITH WooCommerce Gift Cards version 1.3.7 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.3.8 or latest
References
https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-plugin-framework/
https://plugins.svn.wordpress.org/yith-woocommerce-gift-cards/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin wp-publications Local File Inclusion (0.0)
WordPress Plugin Form Lightbox Security Bypass (2.1)
WordPress Plugin WP Photo Album 'photo' Parameter SQL Injection (1.0)
WordPress Plugin Email Artillery (MASS EMAIL) Multiple Vulnerabilities (4.1)
MODX Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2018-1000207)