#VU22547 Improper access control in YITH Web applications


Published: 2019-11-06

Vulnerability identifier: #VU22547

Vulnerability risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-16251

CWE-ID: CWE-284

Exploitation vector: Network

Exploit availability: No

Vulnerable software (all entries are in the category "Web applications / Modules and components for CMS"):

YITH Desktop Notifications for WooCommerce
YITH PayPal Express Checkout for WooCommerce
YITH WooCommerce Recover Abandoned Cart
YITH WooCommerce Questions and Answers
YITH WooCommerce Multi Vendor
YITH WooCommerce Mailchimp
YITH WooCommerce Best Sellers
YITH WooCommerce Authorize.net Payment Gateway
YITH Advanced Refund System for WooCommerce
YITH WooCommerce Points and Rewards
YITH WooCommerce Waiting List
YITH WooCommerce Stripe
YITH WooCommerce Bulk Product Editing
YITH WooCommerce Added to Cart Popup
YITH Product Size Charts for WooCommerce
YITH Custom Thank You Page for Woocommerce
YITH Color and Label Variations for WooCommerce
YITH WooCommerce Multi-step Checkout
YITH WooCommerce Frequently Bought Together
YITH WooCommerce Product Bundles
YITH WooCommerce Cart Messages
YITH WooCommerce Affiliates
YITH WooCommerce Subscription
YITH WooCommerce Gift Cards
YITH WooCommerce Product Add-Ons
YITH WooCommerce Advanced Reviews
YITH Pre-Order for WooCommerce
YITH WooCommerce PDF Invoice and Shipping List
YITH WooCommerce Order Tracking
YITH WooCommerce Social Login
YITH WooCommerce Request A Quote
YITH WooCommerce Brands Add-On
YITH WooCommerce Badge Management
YITH WooCommerce Ajax Search
YITH WooCommerce Zoom Magnifier
YITH WooCommerce Quick View
YITH WooCommerce Compare
YITH WooCommerce Wishlist

Vendor: YITH

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the "plugin-fw/lib/yit-plugin-panel-wc.php" script of the shared YIT plugin framework. A remote authenticated attacker can bypass the implemented security restrictions and modify the plugin options.
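The defect class the advisory describes (an option-save handler that any logged-in user can reach, CWE-284) is illustrated below with a generic WordPress settings handler. This is an added example written for this page; it is not the YIT plugin framework's code, and the plugin name, option key, hook and nonce action names are assumed placeholders. The vulnerable form is shown only so the hardened form can be compared against it; a real plugin registers the hardened handler alone.

```php
<?php
// Added illustrative example, not the YITH plugin framework's code.
// All identifiers ("example_plugin_*") are assumed placeholders.

// --- Vulnerable pattern -------------------------------------------------
// admin_init fires for every authenticated user who loads an admin URL
// (admin-ajax.php included), so a low-privileged account can reach this
// code path. Nothing here verifies who is asking or where the form came from.
function example_plugin_save_options_vulnerable() {
    if ( ! isset( $_POST['example_plugin_save'] ) ) {
        return;
    }
    // No capability check, no nonce, no validation: raw request data is stored.
    update_option( 'example_plugin_options', wp_unslash( $_POST['example_plugin_options'] ) );
}
// add_action( 'admin_init', 'example_plugin_save_options_vulnerable' ); // do not register this form

// --- Hardened pattern ---------------------------------------------------
function example_plugin_save_options_hardened() {
    if ( ! isset( $_POST['example_plugin_save'] ) ) {
        return;
    }

    // 1. Authorization: only users permitted to manage options may change them.
    //    This is the check whose absence lets an authenticated user bypass the panel.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to change these settings.', 'example-plugin' ), 403 );
    }

    // 2. CSRF protection: the request must carry a nonce bound to this action
    //    (check_admin_referer() calls wp_die() itself on failure).
    check_admin_referer( 'example_plugin_save_options', 'example_plugin_nonce' );

    // 3. Validate and sanitize before persisting; never store the raw array.
    $raw = ( isset( $_POST['example_plugin_options'] ) && is_array( $_POST['example_plugin_options'] ) )
        ? wp_unslash( $_POST['example_plugin_options'] )
        : array();

    $options = array(
        'enabled' => ! empty( $raw['enabled'] ) ? 1 : 0,
        'api_key' => isset( $raw['api_key'] ) ? sanitize_text_field( $raw['api_key'] ) : '',
    );

    update_option( 'example_plugin_options', $options );
}
add_action( 'admin_init', 'example_plugin_save_options_hardened' );

// The settings form that posts to this handler must emit the matching nonce:
//   wp_nonce_field( 'example_plugin_save_options', 'example_plugin_nonce' );
```

When reviewing a plugin for this defect class, look at every callback hooked to `admin_init`, `admin-ajax.php` actions, or `admin-post.php` that ends in `update_option()`, and confirm that a `current_user_can()` check and a nonce check precede the write; the capability check is the one that matters for this advisory, since a nonce alone only proves the request came from the site's own form, not that the user is entitled to change settings.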

Mitigation

Install updates from vendor's website.

Vulnerable software versions

YITH Desktop Notifications for WooCommerce: 1.0.0 - 1.2.7

YITH PayPal Express Checkout for WooCommerce: 1.0.0 - 1.2.5

YITH WooCommerce Recover Abandoned Cart: 1.2.1 - 1.3.3

YITH WooCommerce Questions and Answers: 1.0.0 - 1.1.9

YITH WooCommerce Multi Vendor: 1.6.9 - 3.4.0

YITH WooCommerce Mailchimp: 1.0.0 - 2.1.3

YITH WooCommerce Best Sellers: 1.0.0 - 1.1.12

YITH WooCommerce Authorize.net Payment Gateway: 1.0.0 - 1.1.12

YITH Advanced Refund System for WooCommerce: 1.0.0 - 1.0.11

YITH WooCommerce Points and Rewards: 1.0.0 - 1.3.5

YITH WooCommerce Waiting List: 1.0.0 - 1.3.10

YITH WooCommerce Stripe: 1.0.0 - 2.0.1

YITH WooCommerce Bulk Product Editing: 1.0.0 - 1.2.14

YITH WooCommerce Added to Cart Popup: 1.0.0 - 1.3.12

YITH Product Size Charts for WooCommerce: 1.0.0 - 1.1.12

YITH Custom Thank You Page for Woocommerce: 1.0.0 - 1.1.7

YITH Color and Label Variations for WooCommerce: 1.8.1 - 1.8.12

YITH WooCommerce Multi-step Checkout: 1.4.0 - 1.7.4

YITH WooCommerce Frequently Bought Together: 1.0.1 - 1.2.10

YITH WooCommerce Product Bundles: 1.0.0 - 1.1.16

YITH WooCommerce Cart Messages: 1.2.1 - 1.4.4

YITH WooCommerce Affiliates: 1.0.0 - 1.6.2

YITH WooCommerce Subscription: 1.2.0 - 1.3.5

YITH WooCommerce Gift Cards: 1.0.0 - 1.3.7

YITH WooCommerce Product Add-Ons: 1.0.0 - 1.5.21

YITH WooCommerce Advanced Reviews: 1.0.3 - 1.3.9

YITH Pre-Order for WooCommerce: 1.0.0 - 1.2.0

YITH WooCommerce PDF Invoice and Shipping List: 1.0.0 - 1.2.12

YITH WooCommerce Order Tracking: 1.0.0 - 1.2.10

YITH WooCommerce Social Login: 1.2.0 - 1.3.5

YITH WooCommerce Request A Quote: 1.0.0 - 1.4.8

YITH WooCommerce Brands Add-On: 1.0.0 - 1.3.6

YITH WooCommerce Badge Management: 1.0.0 - 1.3.20

YITH WooCommerce Ajax Search: 1.0.0 - 1.7.0

YITH WooCommerce Zoom Magnifier: 1.0.0 - 1.3.11

YITH WooCommerce Quick View: 1.0.0 - 1.3.14

YITH WooCommerce Compare: 1.0.0 - 2.3.14

YITH WooCommerce Wishlist: 1.0.0 - 2.2.13


External links
http://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-plugin-framework/
http://wpvulndb.com/vulnerabilities/9932


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
