CVE-2019-16251

MEDIUM EPSS 56.7%
Published Oct 31, 20196y ago · Modified Jun 17, 20262w ago
4.3 CVSS 3.1
Medium
Find Similar
Published Oct 31, 2019 6y ago
Last Modified Jun 17, 2026 2w ago

Description

plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes.

CVSS Details

Base Score
4.3
Exploitability
2.8
Impact
1.4
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Low
Availability None

Threat Intelligence

EPSS Exploit Probability
56.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Affected Products 38

VendorProductVersionRange
yithemesyith_woocommerce_wishlist* ≤2.2.13
yithemesyith_woocommerce_compare* ≤2.3.13
yithemesyith_woocommerce_quick_view* ≤1.3.13
yithemesyith_woocommerce_zoom_magnifier* ≤1.3.11
yithemesyith_woocommerce_ajax_search* ≤1.6.9
yithemesyith_woocommerce_badge_management* ≤1.3.19
yithemesyith_woocommerce_brands_add-on* ≤1.3.6
yithemesyith_woocommerce_request_a_quote* ≤1.4.7
yithemesyith_woocommerce_social_login* ≤1.3.4
yithemesyith_woocommerce_order_tracking* ≤1.2.10
yithemesyith_woocommerce_pdf_invoice_and_shipping_list* ≤1.2.12
yithemesyith_pre-order_for_woocommerce* ≤1.1.9
yithemesyith_woocommerce_advanced_reviews* ≤1.3.9
yithemesyith_woocommerce_product_add-ons* ≤1.5.21
yithemesyith_woocommerce_gift_cards* ≤1.3.7
yithemesyith_woocommerce_subscription* ≤1.3.4
yithemesyith_woocommerce_affiliates* ≤1.6.3
yithemesyith_woocommerce_cart_messages* ≤1.4.3
yithemesyith_woocommerce_product_bundles* ≤1.1.15
yithemesyith_woocommerce_frequently_bought_together* ≤1.2.10
yithemesyith_woocommerce_multi-step_checkout* ≤1.7.4
yithemesyith_color_and_label_variations_for_woocommerce* ≤1.8.11
yithemesyith_custom_thank_you_page_for_woocommerce* ≤1.1.6
yithemesyith_product_size_charts_for_woocommerce* ≤1.1.1
yithemesyith_woocommerce_added_to_cart_popup* ≤1.3.11
yithemesyith_woocommerce_bulk_product_editing* ≤1.2.13
yithemesyith_woocommerce_stripe* ≤2.0.1
yithemesyith_woocommerce_waiting_list* ≤1.3.9
yithemesyith_woocommerce_points_and_rewards* ≤1.3.4
yithemesyith_advanced_refund_system_for_woocommerce* ≤1.0.10
yithemesyith_woocommerce_authorize.net_payment_gateway* ≤1.1.12
yithemesyith_woocommerce_best_sellers* ≤1.1.11
yithemesyith_woocommerce_mailchimp* ≤2.1.3
yithemesyith_woocommerce_multi_vendor* ≤3.4.0
yithemesyith_woocommerce_questions_and_answers* ≤1.1.9
yithemesyith_woocommerce_recover_abandoned_cart* ≤1.3.2
yithemesyith_paypal_express_checkout_for_woocommerce* ≤1.2.5
yithemesyith_desktop_notifications_for_woocommerce* ≤1.2.7

References 2

  • blog.nintechnet.com https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-plugin-framework/
    Third Party Advisory
  • wpvulndb.com https://wpvulndb.com/vulnerabilities/9932
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.