CVE-2019-16251

plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes.
Configurations

Configuration 1 (hide)

cpe:2.3:a:yithemes:yith_woocommerce_wishlist:*:*:*:*:*:wordpress:*:*

Configuration 2 (hide)

cpe:2.3:a:yithemes:yith_woocommerce_compare:*:*:*:*:*:wordpress:*:*

Configuration 3 (hide)

cpe:2.3:a:yithemes:yith_woocommerce_quick_view:*:*:*:*:*:wordpress:*:*

Configuration 4 (hide)

cpe:2.3:a:yithemes:yith_woocommerce_zoom_magnifier:*:*:*:*:*:wordpress:*:*

Configuration 5 (hide)

cpe:2.3:a:yithemes:yith_woocommerce_ajax_search:*:*:*:*:*:wordpress:*:*

Configuration 6 (hide)

cpe:2.3:a:yithemes:yith_woocommerce_badge_management:*:*:*:*:*:wordpress:*:*

Configuration 7 (hide)

cpe:2.3:a:yithemes:yith_woocommerce_brands_add-on:*:*:*:*:*:wordpress:*:*

Configuration 8 (hide)

cpe:2.3:a:yithemes:yith_woocommerce_request_a_quote:*:*:*:*:*:wordpress:*:*

Configuration 9 (hide)

cpe:2.3:a:yithemes:yith_woocommerce_social_login:*:*:*:*:*:wordpress:*:*

Configuration 10 (hide)

cpe:2.3:a:yithemes:yith_woocommerce_order_tracking:*:*:*:*:*:wordpress:*:*

Configuration 11 (hide)

cpe:2.3:a:yithemes:yith_woocommerce_pdf_invoice_and_shipping_list:*:*:*:*:*:wordpress:*:*

Configuration 12 (hide)

cpe:2.3:a:yithemes:yith_pre-order_for_woocommerce:*:*:*:*:*:wordpress:*:*

Configuration 13 (hide)

cpe:2.3:a:yithemes:yith_woocommerce_advanced_reviews:*:*:*:*:*:wordpress:*:*

Configuration 14 (hide)

cpe:2.3:a:yithemes:yith_woocommerce_product_add-ons:*:*:*:*:*:wordpress:*:*

Configuration 15 (hide)

cpe:2.3:a:yithemes:yith_woocommerce_gift_cards:*:*:*:*:*:wordpress:*:*

Configuration 16 (hide)

cpe:2.3:a:yithemes:yith_woocommerce_subscription:*:*:*:*:*:wordpress:*:*

Configuration 17 (hide)

cpe:2.3:a:yithemes:yith_woocommerce_affiliates:*:*:*:*:*:wordpress:*:*

Configuration 18 (hide)

cpe:2.3:a:yithemes:yith_woocommerce_cart_messages:*:*:*:*:*:wordpress:*:*

Configuration 19 (hide)

cpe:2.3:a:yithemes:yith_woocommerce_product_bundles:*:*:*:*:*:wordpress:*:*

Configuration 20 (hide)

cpe:2.3:a:yithemes:yith_woocommerce_frequently_bought_together:*:*:*:*:*:wordpress:*:*

Configuration 21 (hide)

cpe:2.3:a:yithemes:yith_woocommerce_multi-step_checkout:*:*:*:*:*:wordpress:*:*

Configuration 22 (hide)

cpe:2.3:a:yithemes:yith_color_and_label_variations_for_woocommerce:*:*:*:*:*:wordpress:*:*

Configuration 23 (hide)

cpe:2.3:a:yithemes:yith_custom_thank_you_page_for_woocommerce:*:*:*:*:*:wordpress:*:*

Configuration 24 (hide)

cpe:2.3:a:yithemes:yith_product_size_charts_for_woocommerce:*:*:*:*:*:wordpress:*:*

Configuration 25 (hide)

cpe:2.3:a:yithemes:yith_woocommerce_added_to_cart_popup:*:*:*:*:*:wordpress:*:*

Configuration 26 (hide)

cpe:2.3:a:yithemes:yith_woocommerce_bulk_product_editing:*:*:*:*:*:wordpress:*:*

Configuration 27 (hide)

cpe:2.3:a:yithemes:yith_woocommerce_stripe:*:*:*:*:*:wordpress:*:*

Configuration 28 (hide)

cpe:2.3:a:yithemes:yith_woocommerce_waiting_list:*:*:*:*:*:wordpress:*:*

Configuration 29 (hide)

cpe:2.3:a:yithemes:yith_woocommerce_points_and_rewards:*:*:*:*:*:wordpress:*:*

Configuration 30 (hide)

cpe:2.3:a:yithemes:yith_advanced_refund_system_for_woocommerce:*:*:*:*:*:wordpress:*:*

Configuration 31 (hide)

cpe:2.3:a:yithemes:yith_woocommerce_authorize.net_payment_gateway:*:*:*:*:*:wordpress:*:*

Configuration 32 (hide)

cpe:2.3:a:yithemes:yith_woocommerce_best_sellers:*:*:*:*:*:wordpress:*:*

Configuration 33 (hide)

cpe:2.3:a:yithemes:yith_woocommerce_mailchimp:*:*:*:*:*:wordpress:*:*

Configuration 34 (hide)

cpe:2.3:a:yithemes:yith_woocommerce_multi_vendor:*:*:*:*:*:wordpress:*:*

Configuration 35 (hide)

cpe:2.3:a:yithemes:yith_woocommerce_questions_and_answers:*:*:*:*:*:wordpress:*:*

Configuration 36 (hide)

cpe:2.3:a:yithemes:yith_woocommerce_recover_abandoned_cart:*:*:*:*:*:wordpress:*:*

Configuration 37 (hide)

cpe:2.3:a:yithemes:yith_paypal_express_checkout_for_woocommerce:*:*:*:*:*:wordpress:*:*

Configuration 38 (hide)

cpe:2.3:a:yithemes:yith_desktop_notifications_for_woocommerce:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 04:30

Type Values Removed Values Added
References () https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-plugin-framework/ - Third Party Advisory () https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-plugin-framework/ - Third Party Advisory
References () https://wpvulndb.com/vulnerabilities/9932 - Third Party Advisory () https://wpvulndb.com/vulnerabilities/9932 - Third Party Advisory

Information

Published : 2019-10-31 17:15

Updated : 2024-11-21 04:30


NVD link : CVE-2019-16251

Mitre link : CVE-2019-16251

CVE.ORG link : CVE-2019-16251


JSON object : View

Products Affected

yithemes

  • yith_woocommerce_product_add-ons
  • yith_woocommerce_cart_messages
  • yith_product_size_charts_for_woocommerce
  • yith_woocommerce_subscription
  • yith_woocommerce_points_and_rewards
  • yith_woocommerce_recover_abandoned_cart
  • yith_color_and_label_variations_for_woocommerce
  • yith_woocommerce_compare
  • yith_custom_thank_you_page_for_woocommerce
  • yith_woocommerce_bulk_product_editing
  • yith_woocommerce_wishlist
  • yith_desktop_notifications_for_woocommerce
  • yith_woocommerce_multi-step_checkout
  • yith_pre-order_for_woocommerce
  • yith_woocommerce_request_a_quote
  • yith_woocommerce_quick_view
  • yith_woocommerce_pdf_invoice_and_shipping_list
  • yith_woocommerce_multi_vendor
  • yith_woocommerce_mailchimp
  • yith_woocommerce_social_login
  • yith_woocommerce_order_tracking
  • yith_woocommerce_product_bundles
  • yith_woocommerce_stripe
  • yith_woocommerce_zoom_magnifier
  • yith_woocommerce_affiliates
  • yith_woocommerce_questions_and_answers
  • yith_woocommerce_ajax_search
  • yith_woocommerce_brands_add-on
  • yith_woocommerce_waiting_list
  • yith_woocommerce_gift_cards
  • yith_woocommerce_authorize.net_payment_gateway
  • yith_advanced_refund_system_for_woocommerce
  • yith_paypal_express_checkout_for_woocommerce
  • yith_woocommerce_badge_management
  • yith_woocommerce_frequently_bought_together
  • yith_woocommerce_best_sellers
  • yith_woocommerce_added_to_cart_popup
  • yith_woocommerce_advanced_reviews