Description
WordPress Plugin YITH WooCommerce Multi Vendor is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently modify plugin options. WordPress Plugin YITH WooCommerce Multi Vendor version 3.4.0 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.4.1 or latest
References
https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-plugin-framework/
https://plugins.svn.wordpress.org/yith-woocommerce-product-vendors/trunk/readme.txt
Related Vulnerabilities
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5481)
WordPress Plugin File Manager Unspecified Vulnerability (5.0.0)
WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.19)
Jboss EAP Improper Neutralization of CRLF Sequences ('CRLF Injection') Vulnerability (CVE-2016-4993)