Description
WordPress Plugin YITH WooCommerce Wishlist is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently modify plugin options. WordPress Plugin YITH WooCommerce Wishlist version 2.2.13 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.2.14 or latest
References
https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-plugin-framework/
https://plugins.svn.wordpress.org/yith-woocommerce-wishlist/trunk/README.txt
Related Vulnerabilities
WordPress Plugin Mail Masta Local File Inclusion (1.0)
WordPress Plugin uCare-Support Ticket System Cross-Site Scripting (1.2.1)
Magento CVE-2020-9585 Vulnerability (CVE-2020-9585)
Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-1814)
Oracle Database Server CVE-2008-0345 Vulnerability (CVE-2008-0345)