Description
WordPress Plugin YITH WooCommerce Social Login is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently modify plugin options. WordPress Plugin YITH WooCommerce Social Login version 1.3.4 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.3.6 or latest
References
https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-plugin-framework/
https://plugins.svn.wordpress.org/yith-woocommerce-social-login/trunk/README.txt
Related Vulnerabilities
WordPress Plugin WP iCommerce-the first interactive ecommerce for wordpress SQL Injection (1.1.1)
WordPress Plugin Profile Builder-User Profile & User Registration Forms Cross-Site Scripting (3.6.1)
WordPress 4.1.x Arbitrary File Deletion Vulnerability (4.1 - 4.1.23)
WordPress Plugin AdButler Unspecified Vulnerability (1.09)
WordPress Plugin WordPress Comments Import & Export CSV Injection (2.0.4)