Improper access control in multiple WordPress plugins for YIT Plugin Framework

Published: 2019-11-06

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2019-16251
CWE-ID	CWE-284
Exploitation vector	Network
Public exploit	Public exploit code for vulnerability #1 is available.
Vulnerable software Subscribe	YITH Desktop Notifications for WooCommerce Web applications / Modules and components for CMS YITH PayPal Express Checkout for WooCommerce Web applications / Modules and components for CMS YITH WooCommerce Recover Abandoned Cart Web applications / Modules and components for CMS YITH WooCommerce Questions and Answers Web applications / Modules and components for CMS YITH WooCommerce Multi Vendor Web applications / Modules and components for CMS YITH WooCommerce Mailchimp Web applications / Modules and components for CMS YITH WooCommerce Best Sellers Web applications / Modules and components for CMS YITH WooCommerce Authorize.net Payment Gateway Web applications / Modules and components for CMS YITH Advanced Refund System for WooCommerce Web applications / Modules and components for CMS YITH WooCommerce Points and Rewards Web applications / Modules and components for CMS YITH WooCommerce Waiting List Web applications / Modules and components for CMS YITH WooCommerce Stripe Web applications / Modules and components for CMS YITH WooCommerce Bulk Product Editing Web applications / Modules and components for CMS YITH WooCommerce Added to Cart Popup Web applications / Modules and components for CMS YITH Product Size Charts for WooCommerce Web applications / Modules and components for CMS YITH Custom Thank You Page for Woocommerce Web applications / Modules and components for CMS YITH Color and Label Variations for WooCommerce Web applications / Modules and components for CMS YITH WooCommerce Multi-step Checkout Web applications / Modules and components for CMS YITH WooCommerce Frequently Bought Together Web applications / Modules and components for CMS YITH WooCommerce Product Bundles Web applications / Modules and components for CMS YITH WooCommerce Cart Messages Web applications / Modules and components for CMS YITH WooCommerce Affiliates Web applications / Modules and components for CMS YITH WooCommerce Subscription Web applications / Modules and components for CMS YITH WooCommerce Gift Cards Web applications / Modules and components for CMS YITH WooCommerce Product Add-Ons Web applications / Modules and components for CMS YITH WooCommerce Advanced Reviews Web applications / Modules and components for CMS YITH Pre-Order for WooCommerce Web applications / Modules and components for CMS YITH WooCommerce PDF Invoice and Shipping List Web applications / Modules and components for CMS YITH WooCommerce Order Tracking Web applications / Modules and components for CMS YITH WooCommerce Social Login Web applications / Modules and components for CMS YITH WooCommerce Request A Quote Web applications / Modules and components for CMS YITH WooCommerce Brands Add-On Web applications / Modules and components for CMS YITH WooCommerce Badge Management Web applications / Modules and components for CMS YITH WooCommerce Ajax Search Web applications / Modules and components for CMS YITH WooCommerce Zoom Magnifier Web applications / Modules and components for CMS YITH WooCommerce Quick View Web applications / Modules and components for CMS YITH WooCommerce Compare Web applications / Modules and components for CMS YITH WooCommerce Wishlist Web applications / Modules and components for CMS
Vendor	YITH

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Improper access control

EUVDB-ID: #VU22547

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-16251

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the “plugin-fw/lib/yit-plugin-panel-wc.php” script. A remote authenticated attacker can bypass implemented security restrictions and modify the plugin options.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

YITH Desktop Notifications for WooCommerce: 1.0.0 - 1.2.7

YITH PayPal Express Checkout for WooCommerce: 1.0.0 - 1.2.5

YITH WooCommerce Recover Abandoned Cart: 1.2.1 - 1.3.3

YITH WooCommerce Questions and Answers: 1.0.0 - 1.1.9

YITH WooCommerce Multi Vendor: 1.6.9 - 3.4.0

YITH WooCommerce Mailchimp: 1.0.0 - 2.1.3

YITH WooCommerce Best Sellers: 1.0.0 - 1.1.12

YITH WooCommerce Authorize.net Payment Gateway: 1.0.0 - 1.1.12

YITH Advanced Refund System for WooCommerce: 1.0.0 - 1.0.11

YITH WooCommerce Points and Rewards: 1.0.0 - 1.3.5

YITH WooCommerce Waiting List: 1.0.0 - 1.3.10

YITH WooCommerce Stripe: 1.0.0 - 2.0.1

YITH WooCommerce Bulk Product Editing: 1.0.0 - 1.2.14

YITH WooCommerce Added to Cart Popup: 1.0.0 - 1.3.12

YITH Product Size Charts for WooCommerce: 1.0.0 - 1.1.12

YITH Custom Thank You Page for Woocommerce: 1.0.0 - 1.1.7

YITH Color and Label Variations for WooCommerce: 1.8.1 - 1.8.12

YITH WooCommerce Multi-step Checkout: 1.4.0 - 1.7.4

YITH WooCommerce Frequently Bought Together: 1.0.1 - 1.2.10

YITH WooCommerce Product Bundles: 1.0.0 - 1.1.16

YITH WooCommerce Cart Messages: 1.2.1 - 1.4.4

YITH WooCommerce Affiliates: 1.0.0 - 1.6.2

YITH WooCommerce Subscription: 1.2.0 - 1.3.5

YITH WooCommerce Gift Cards: 1.0.0 - 1.3.7

YITH WooCommerce Product Add-Ons: 1.0.0 - 1.5.21

YITH WooCommerce Advanced Reviews: 1.0.3 - 1.3.9

YITH Pre-Order for WooCommerce: 1.0.0 - 1.2.0

YITH WooCommerce PDF Invoice and Shipping List: 1.0.0 - 1.2.12

YITH WooCommerce Order Tracking: 1.0.0 - 1.2.10

YITH WooCommerce Social Login: 1.2.0 - 1.3.5

YITH WooCommerce Request A Quote: 1.0.0 - 1.4.8

YITH WooCommerce Brands Add-On: 1.0.0 - 1.3.6

YITH WooCommerce Badge Management: 1.0.0 - 1.3.20

YITH WooCommerce Ajax Search: 1.0.0 - 1.7.0

YITH WooCommerce Zoom Magnifier: 1.0.0 - 1.3.11

YITH WooCommerce Quick View: 1.0.0 - 1.3.14

YITH WooCommerce Compare: 1.0.0 - 2.3.14

YITH WooCommerce Wishlist: 1.0.0 - 2.2.13

CPE2.3

cpe:2.3:a:yithemes:yith-desktop-notifications-for-woocommerce:1.2.7:*:*:*:*:wordpress:*:*

External links

http://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-plugin-framework/
http://wpvulndb.com/vulnerabilities/9932

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?