CVE-2019-16251
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Exploitability: 2.8 / Impact: 1.4
Source: NVD
Description
plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes.
Affected (38)
Products: Yithemes: Yith Woocommerce Wishlist, Yith Woocommerce Compare, Yith Woocommerce Quick View, Yith Woocommerce Zoom Magnifier, Yith Woocommerce Ajax Search, Yith Woocommerce Badge Management, Yith Woocommerce Brands Add On, Yith Woocommerce Request A Quote, Yith Woocommerce Social Login, Yith Woocommerce Order Tracking, Yith Woocommerce Pdf Invoice And Shipping List, Yith Pre Order For Woocommerce, Yith Woocommerce Advanced Reviews, Yith Woocommerce Product Add Ons, Yith Woocommerce Gift Cards, Yith Woocommerce Subscription, Yith Woocommerce Affiliates, Yith Woocommerce Cart Messages, Yith Woocommerce Product Bundles, Yith Woocommerce Frequently Bought Together, Yith Woocommerce Multi Step Checkout, Yith Color And Label Variations For Woocommerce, Yith Custom Thank You Page For Woocommerce, Yith Product Size Charts For Woocommerce, Yith Woocommerce Added To Cart Popup, Yith Woocommerce Bulk Product Editing, Yith Woocommerce Stripe, Yith Woocommerce Waiting List, Yith Woocommerce Points And Rewards, Yith Advanced Refund System For Woocommerce, Yith Woocommerce Authorize.net Payment Gateway, Yith Woocommerce Best Sellers, Yith Woocommerce Mailchimp, Yith Woocommerce Multi Vendor, Yith Woocommerce Questions And Answers, Yith Woocommerce Recover Abandoned Cart, Yith Paypal Express Checkout For Woocommerce, Yith Desktop Notifications For Woocommerce
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 2.2.13 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 2.3.13 |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.3.13 |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.3.11 |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.6.9 |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.3.19 |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.3.6 |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.4.7 |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.3.4 |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.2.10 |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.2.12 |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.1.9 |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.3.9 |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.5.21 |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.3.7 |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.3.4 |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.6.3 |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.4.3 |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.1.15 |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.2.10 |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.7.4 |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.8.11 |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.1.6 |
Configuration X
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.1.1 |
Configuration Y
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.3.11 |
Configuration Z
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.2.13 |
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 2.0.1 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.3.9 |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.3.4 |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.0.10 |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.1.12 |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.1.11 |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 2.1.3 |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.4.0 |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.1.9 |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.3.2 |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.2.5 |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.2.7 |
References (4)
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Timeline
No history available yet.