#VU22547 Improper access control


Published: 2019-11-06

Vulnerability identifier: #VU22547

Vulnerability risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-16251

CWE-ID: CWE-284

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
YITH Desktop Notifications for WooCommerce
Web applications / Modules and components for CMS
YITH PayPal Express Checkout for WooCommerce
Web applications / Modules and components for CMS
YITH WooCommerce Recover Abandoned Cart
Web applications / Modules and components for CMS
YITH WooCommerce Questions and Answers
Web applications / Modules and components for CMS
YITH WooCommerce Multi Vendor
Web applications / Modules and components for CMS
YITH WooCommerce Mailchimp
Web applications / Modules and components for CMS
YITH WooCommerce Best Sellers
Web applications / Modules and components for CMS
YITH WooCommerce Authorize.net Payment Gateway
Web applications / Modules and components for CMS
YITH Advanced Refund System for WooCommerce
Web applications / Modules and components for CMS
YITH WooCommerce Points and Rewards
Web applications / Modules and components for CMS
YITH WooCommerce Waiting List
Web applications / Modules and components for CMS
YITH WooCommerce Stripe
Web applications / Modules and components for CMS
YITH WooCommerce Bulk Product Editing
Web applications / Modules and components for CMS
YITH WooCommerce Added to Cart Popup
Web applications / Modules and components for CMS
YITH Product Size Charts for WooCommerce
Web applications / Modules and components for CMS
YITH Custom Thank You Page for Woocommerce
Web applications / Modules and components for CMS
YITH Color and Label Variations for WooCommerce
Web applications / Modules and components for CMS
YITH WooCommerce Multi-step Checkout
Web applications / Modules and components for CMS
YITH WooCommerce Frequently Bought Together
Web applications / Modules and components for CMS
YITH WooCommerce Product Bundles
Web applications / Modules and components for CMS
YITH WooCommerce Cart Messages
Web applications / Modules and components for CMS
YITH WooCommerce Affiliates
Web applications / Modules and components for CMS
YITH WooCommerce Subscription
Web applications / Modules and components for CMS
YITH WooCommerce Gift Cards
Web applications / Modules and components for CMS
YITH WooCommerce Product Add-Ons
Web applications / Modules and components for CMS
YITH WooCommerce Advanced Reviews
Web applications / Modules and components for CMS
YITH Pre-Order for WooCommerce
Web applications / Modules and components for CMS
YITH WooCommerce PDF Invoice and Shipping List
Web applications / Modules and components for CMS
YITH WooCommerce Order Tracking
Web applications / Modules and components for CMS
YITH WooCommerce Social Login
Web applications / Modules and components for CMS
YITH WooCommerce Request A Quote
Web applications / Modules and components for CMS
YITH WooCommerce Brands Add-On
Web applications / Modules and components for CMS
YITH WooCommerce Badge Management
Web applications / Modules and components for CMS
YITH WooCommerce Ajax Search
Web applications / Modules and components for CMS
YITH WooCommerce Zoom Magnifier
Web applications / Modules and components for CMS
YITH WooCommerce Quick View
Web applications / Modules and components for CMS
YITH WooCommerce Compare
Web applications / Modules and components for CMS
YITH WooCommerce Wishlist
Web applications / Modules and components for CMS

Vendor: YITH

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the “plugin-fw/lib/yit-plugin-panel-wc.php” script. A remote authenticated attacker can bypass implemented security restrictions and modify the plugin options.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

YITH Desktop Notifications for WooCommerce: 1.0.0 - 1.2.7

YITH PayPal Express Checkout for WooCommerce: 1.0.0 - 1.2.5

YITH WooCommerce Recover Abandoned Cart: 1.2.1 - 1.3.3

YITH WooCommerce Questions and Answers: 1.0.0 - 1.1.9

YITH WooCommerce Multi Vendor: 1.6.9 - 3.4.0

YITH WooCommerce Mailchimp: 1.0.0 - 2.1.3

YITH WooCommerce Best Sellers: 1.0.0 - 1.1.12

YITH WooCommerce Authorize.net Payment Gateway: 1.0.0 - 1.1.12

YITH Advanced Refund System for WooCommerce: 1.0.0 - 1.0.11

YITH WooCommerce Points and Rewards: 1.0.0 - 1.3.5

YITH WooCommerce Waiting List: 1.0.0 - 1.3.10

YITH WooCommerce Stripe: 1.0.0 - 2.0.1

YITH WooCommerce Bulk Product Editing: 1.0.0 - 1.2.14

YITH WooCommerce Added to Cart Popup: 1.0.0 - 1.3.12

YITH Product Size Charts for WooCommerce: 1.0.0 - 1.1.12

YITH Custom Thank You Page for Woocommerce: 1.0.0 - 1.1.7

YITH Color and Label Variations for WooCommerce: 1.8.1 - 1.8.12

YITH WooCommerce Multi-step Checkout: 1.4.0 - 1.7.4

YITH WooCommerce Frequently Bought Together: 1.0.1 - 1.2.10

YITH WooCommerce Product Bundles: 1.0.0 - 1.1.16

YITH WooCommerce Cart Messages: 1.2.1 - 1.4.4

YITH WooCommerce Affiliates: 1.0.0 - 1.6.2

YITH WooCommerce Subscription: 1.2.0 - 1.3.5

YITH WooCommerce Gift Cards: 1.0.0 - 1.3.7

YITH WooCommerce Product Add-Ons: 1.0.0 - 1.5.21

YITH WooCommerce Advanced Reviews: 1.0.3 - 1.3.9

YITH Pre-Order for WooCommerce: 1.0.0 - 1.2.0

YITH WooCommerce PDF Invoice and Shipping List: 1.0.0 - 1.2.12

YITH WooCommerce Order Tracking: 1.0.0 - 1.2.10

YITH WooCommerce Social Login: 1.2.0 - 1.3.5

YITH WooCommerce Request A Quote: 1.0.0 - 1.4.8

YITH WooCommerce Brands Add-On: 1.0.0 - 1.3.6

YITH WooCommerce Badge Management: 1.0.0 - 1.3.20

YITH WooCommerce Ajax Search: 1.0.0 - 1.7.0

YITH WooCommerce Zoom Magnifier: 1.0.0 - 1.3.11

YITH WooCommerce Quick View: 1.0.0 - 1.3.14

YITH WooCommerce Compare: 1.0.0 - 2.3.14

YITH WooCommerce Wishlist: 1.0.0 - 2.2.13


CPE

External links
http://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-plugin-framework/
http://wpvulndb.com/vulnerabilities/9932


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.


Latest bulletins with this vulnerability