CVE-2019-16251

Summary

CVE	CVE-2019-16251
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2019-10-31 17:15:00 UTC
Updated	2020-08-24 17:37:00 UTC
Description	plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes.

Risk And Classification

Problem Types: NVD-CWE-noinfo

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Yithemes	Yith Advanced Refund System For Woocommerce	All	All	All	All
Application	Yithemes	Yith Color And Label Variations For Woocommerce	All	All	All	All
Application	Yithemes	Yith Custom Thank You Page For Woocommerce	All	All	All	All
Application	Yithemes	Yith Desktop Notifications For Woocommerce	All	All	All	All
Application	Yithemes	Yith Paypal Express Checkout For Woocommerce	All	All	All	All
Application	Yithemes	Yith Pre-order For Woocommerce	All	All	All	All
Application	Yithemes	Yith Product Size Charts For Woocommerce	All	All	All	All
Application	Yithemes	Yith Woocommerce Added To Cart Popup	All	All	All	All
Application	Yithemes	Yith Woocommerce Advanced Reviews	All	All	All	All
Application	Yithemes	Yith Woocommerce Affiliates	All	All	All	All
Application	Yithemes	Yith Woocommerce Ajax Search	All	All	All	All
Application	Yithemes	Yith Woocommerce Authorize.net Payment Gateway	All	All	All	All
Application	Yithemes	Yith Woocommerce Badge Management	All	All	All	All
Application	Yithemes	Yith Woocommerce Best Sellers	All	All	All	All
Application	Yithemes	Yith Woocommerce Brands Add-on	All	All	All	All
Application	Yithemes	Yith Woocommerce Bulk Product Editing	All	All	All	All
Application	Yithemes	Yith Woocommerce Cart Messages	All	All	All	All
Application	Yithemes	Yith Woocommerce Compare	All	All	All	All
Application	Yithemes	Yith Woocommerce Frequently Bought Together	All	All	All	All
Application	Yithemes	Yith Woocommerce Gift Cards	All	All	All	All
Application	Yithemes	Yith Woocommerce Mailchimp	All	All	All	All
Application	Yithemes	Yith Woocommerce Multi-step Checkout	All	All	All	All
Application	Yithemes	Yith Woocommerce Multi Vendor	All	All	All	All
Application	Yithemes	Yith Woocommerce Order Tracking	All	All	All	All
Application	Yithemes	Yith Woocommerce Pdf Invoice And Shipping List	All	All	All	All
Application	Yithemes	Yith Woocommerce Points And Rewards	All	All	All	All
Application	Yithemes	Yith Woocommerce Product Add-ons	All	All	All	All
Application	Yithemes	Yith Woocommerce Product Bundles	All	All	All	All
Application	Yithemes	Yith Woocommerce Questions And Answers	All	All	All	All
Application	Yithemes	Yith Woocommerce Quick View	All	All	All	All
Application	Yithemes	Yith Woocommerce Recover Abandoned Cart	All	All	All	All
Application	Yithemes	Yith Woocommerce Request A Quote	All	All	All	All
Application	Yithemes	Yith Woocommerce Social Login	All	All	All	All
Application	Yithemes	Yith Woocommerce Stripe	All	All	All	All
Application	Yithemes	Yith Woocommerce Subscription	All	All	All	All
Application	Yithemes	Yith Woocommerce Waiting List	All	All	All	All
Application	Yithemes	Yith Woocommerce Wishlist	All	All	All	All
Application	Yithemes	Yith Woocommerce Zoom Magnifier	All	All	All	All

References

Reference	Source	Link	Tags
Authenticated settings change vulnerability in YIT Plugin Framework. – NinTechNet	MISC	blog.nintechnet.com	Third Party Advisory
YIT Plugin Framework <= 3.3.8 - Authenticated Plugin's Settings Change	MISC	wpvulndb.com	Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.