Description

WordPress Plugin YITH WooCommerce Quick View is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently modify plugin options. WordPress Plugin YITH WooCommerce Quick View version 1.3.13 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.3.15 or latest

References

https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-plugin-framework/

https://plugins.svn.wordpress.org/yith-woocommerce-quick-view/trunk/README.txt

Related Vulnerabilities

Apache HTTP Server CVE-2004-0751 Vulnerability (CVE-2004-0751)

MySQL CVE-2020-2892 Vulnerability (CVE-2020-2892)

Django Improper Input Validation Vulnerability (CVE-2012-3443)

Migration, Backup, Staging-WPvivid Directory Traversal (0.9.75)

Calendar by WD-Responsive Event Calendar for WordPress SQL Injection (1.4.9)

Severity

High

Classification

CVE-2019-16251 CWE-264 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

Tags

Missing Update Authentication Bypass