Description
WordPress Plugin YITH WooCommerce Multi-step Checkout is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently modify plugin options. WordPress Plugin YITH WooCommerce Multi-step Checkout version 1.7.4 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.7.5 or latest
References
https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-plugin-framework/
https://plugins.svn.wordpress.org/yith-woocommerce-multi-step-checkout/trunk/readme.txt
Related Vulnerabilities
Ruby Improper Authentication Vulnerability (CVE-2008-3905)
WordPress Plugin Redirection Cross-Site Request Forgery (1.1.4)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-1862)
WordPress Plugin cformsII SQL Injection (14.12.3)
Nexus Repository Manager Improper Authentication Vulnerability (CVE-2019-9629)