Improper access control in multiple WordPress plugins for YIT Plugin Framework
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2019-16251
CWE-ID CWE-284
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software (all: Web applications / Modules and components for CMS)

YITH Desktop Notifications for WooCommerce
YITH PayPal Express Checkout for WooCommerce
YITH WooCommerce Recover Abandoned Cart
YITH WooCommerce Questions and Answers
YITH WooCommerce Multi Vendor
YITH WooCommerce Mailchimp
YITH WooCommerce Best Sellers
YITH WooCommerce Authorize.net Payment Gateway
YITH Advanced Refund System for WooCommerce
YITH WooCommerce Points and Rewards
YITH WooCommerce Waiting List
YITH WooCommerce Stripe
YITH WooCommerce Bulk Product Editing
YITH WooCommerce Added to Cart Popup
YITH Product Size Charts for WooCommerce
YITH Custom Thank You Page for Woocommerce
YITH Color and Label Variations for WooCommerce
YITH WooCommerce Multi-step Checkout
YITH WooCommerce Frequently Bought Together
YITH WooCommerce Product Bundles
YITH WooCommerce Cart Messages
YITH WooCommerce Affiliates
YITH WooCommerce Subscription
YITH WooCommerce Gift Cards
YITH WooCommerce Product Add-Ons
YITH WooCommerce Advanced Reviews
YITH Pre-Order for WooCommerce
YITH WooCommerce PDF Invoice and Shipping List
YITH WooCommerce Order Tracking
YITH WooCommerce Social Login
YITH WooCommerce Request A Quote
YITH WooCommerce Brands Add-On
YITH WooCommerce Badge Management
YITH WooCommerce Ajax Search
YITH WooCommerce Zoom Magnifier
YITH WooCommerce Quick View
YITH WooCommerce Compare
YITH WooCommerce Wishlist

Vendor YITH

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Improper access control

EUVDB-ID: #VU22547

Risk: Low

CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2019-16251

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the "plugin-fw/lib/yit-plugin-panel-wc.php" script of the YIT Plugin Framework, which the plugins listed above bundle. A remote authenticated attacker can bypass the implemented security restrictions and modify the plugin options.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

YITH Desktop Notifications for WooCommerce: 1.0.0 - 1.2.7

YITH PayPal Express Checkout for WooCommerce: 1.0.0 - 1.2.5

YITH WooCommerce Recover Abandoned Cart: 1.2.1 - 1.3.3

YITH WooCommerce Questions and Answers: 1.0.0 - 1.1.9

YITH WooCommerce Multi Vendor: 1.6.9 - 3.4.0

YITH WooCommerce Mailchimp: 1.0.0 - 2.1.3

YITH WooCommerce Best Sellers: 1.0.0 - 1.1.12

YITH WooCommerce Authorize.net Payment Gateway: 1.0.0 - 1.1.12

YITH Advanced Refund System for WooCommerce: 1.0.0 - 1.0.11

YITH WooCommerce Points and Rewards: 1.0.0 - 1.3.5

YITH WooCommerce Waiting List: 1.0.0 - 1.3.10

YITH WooCommerce Stripe: 1.0.0 - 2.0.1

YITH WooCommerce Bulk Product Editing: 1.0.0 - 1.2.14

YITH WooCommerce Added to Cart Popup: 1.0.0 - 1.3.12

YITH Product Size Charts for WooCommerce: 1.0.0 - 1.1.12

YITH Custom Thank You Page for Woocommerce: 1.0.0 - 1.1.7

YITH Color and Label Variations for WooCommerce: 1.8.1 - 1.8.12

YITH WooCommerce Multi-step Checkout: 1.4.0 - 1.7.4

YITH WooCommerce Frequently Bought Together: 1.0.1 - 1.2.10

YITH WooCommerce Product Bundles: 1.0.0 - 1.1.16

YITH WooCommerce Cart Messages: 1.2.1 - 1.4.4

YITH WooCommerce Affiliates: 1.0.0 - 1.6.2

YITH WooCommerce Subscription: 1.2.0 - 1.3.5

YITH WooCommerce Gift Cards: 1.0.0 - 1.3.7

YITH WooCommerce Product Add-Ons: 1.0.0 - 1.5.21

YITH WooCommerce Advanced Reviews: 1.0.3 - 1.3.9

YITH Pre-Order for WooCommerce: 1.0.0 - 1.2.0

YITH WooCommerce PDF Invoice and Shipping List: 1.0.0 - 1.2.12

YITH WooCommerce Order Tracking: 1.0.0 - 1.2.10

YITH WooCommerce Social Login: 1.2.0 - 1.3.5

YITH WooCommerce Request A Quote: 1.0.0 - 1.4.8

YITH WooCommerce Brands Add-On: 1.0.0 - 1.3.6

YITH WooCommerce Badge Management: 1.0.0 - 1.3.20

YITH WooCommerce Ajax Search: 1.0.0 - 1.7.0

YITH WooCommerce Zoom Magnifier: 1.0.0 - 1.3.11

YITH WooCommerce Quick View: 1.0.0 - 1.3.14

YITH WooCommerce Compare: 1.0.0 - 2.3.14

YITH WooCommerce Wishlist: 1.0.0 - 2.2.13

External links

https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-plugin-framework/
https://wpvulndb.com/vulnerabilities/9932


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.