CVE-2019-16251
MEDIUM EPSS 56.7%
Published Oct 31, 20196y ago · Modified Jun 17, 20262w ago
4.3 CVSS 3.1
Published Oct 31, 2019 6y ago
Last Modified Jun 17, 2026 2w ago
Description
plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Low
Availability None
Threat Intelligence
EPSS Exploit Probability
56.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Affected Products 38
| Vendor | Product | Version | Range |
|---|---|---|---|
| yithemes | yith_woocommerce_wishlist | * | ≤2.2.13 |
| yithemes | yith_woocommerce_compare | * | ≤2.3.13 |
| yithemes | yith_woocommerce_quick_view | * | ≤1.3.13 |
| yithemes | yith_woocommerce_zoom_magnifier | * | ≤1.3.11 |
| yithemes | yith_woocommerce_ajax_search | * | ≤1.6.9 |
| yithemes | yith_woocommerce_badge_management | * | ≤1.3.19 |
| yithemes | yith_woocommerce_brands_add-on | * | ≤1.3.6 |
| yithemes | yith_woocommerce_request_a_quote | * | ≤1.4.7 |
| yithemes | yith_woocommerce_social_login | * | ≤1.3.4 |
| yithemes | yith_woocommerce_order_tracking | * | ≤1.2.10 |
| yithemes | yith_woocommerce_pdf_invoice_and_shipping_list | * | ≤1.2.12 |
| yithemes | yith_pre-order_for_woocommerce | * | ≤1.1.9 |
| yithemes | yith_woocommerce_advanced_reviews | * | ≤1.3.9 |
| yithemes | yith_woocommerce_product_add-ons | * | ≤1.5.21 |
| yithemes | yith_woocommerce_gift_cards | * | ≤1.3.7 |
| yithemes | yith_woocommerce_subscription | * | ≤1.3.4 |
| yithemes | yith_woocommerce_affiliates | * | ≤1.6.3 |
| yithemes | yith_woocommerce_cart_messages | * | ≤1.4.3 |
| yithemes | yith_woocommerce_product_bundles | * | ≤1.1.15 |
| yithemes | yith_woocommerce_frequently_bought_together | * | ≤1.2.10 |
| yithemes | yith_woocommerce_multi-step_checkout | * | ≤1.7.4 |
| yithemes | yith_color_and_label_variations_for_woocommerce | * | ≤1.8.11 |
| yithemes | yith_custom_thank_you_page_for_woocommerce | * | ≤1.1.6 |
| yithemes | yith_product_size_charts_for_woocommerce | * | ≤1.1.1 |
| yithemes | yith_woocommerce_added_to_cart_popup | * | ≤1.3.11 |
| yithemes | yith_woocommerce_bulk_product_editing | * | ≤1.2.13 |
| yithemes | yith_woocommerce_stripe | * | ≤2.0.1 |
| yithemes | yith_woocommerce_waiting_list | * | ≤1.3.9 |
| yithemes | yith_woocommerce_points_and_rewards | * | ≤1.3.4 |
| yithemes | yith_advanced_refund_system_for_woocommerce | * | ≤1.0.10 |
| yithemes | yith_woocommerce_authorize.net_payment_gateway | * | ≤1.1.12 |
| yithemes | yith_woocommerce_best_sellers | * | ≤1.1.11 |
| yithemes | yith_woocommerce_mailchimp | * | ≤2.1.3 |
| yithemes | yith_woocommerce_multi_vendor | * | ≤3.4.0 |
| yithemes | yith_woocommerce_questions_and_answers | * | ≤1.1.9 |
| yithemes | yith_woocommerce_recover_abandoned_cart | * | ≤1.3.2 |
| yithemes | yith_paypal_express_checkout_for_woocommerce | * | ≤1.2.5 |
| yithemes | yith_desktop_notifications_for_woocommerce | * | ≤1.2.7 |
References 2
- blog.nintechnet.com https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-plugin-framework/
- wpvulndb.com https://wpvulndb.com/vulnerabilities/9932
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.