Description
The YITH WooCommerce Waiting List plugin for WordPress is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently modify plugin options. Version 1.3.9 of the plugin is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 1.3.11 or the latest version.
References
https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-plugin-framework/
https://plugins.svn.wordpress.org/yith-woocommerce-waiting-list/trunk/README.txt