CVE-2019-16251

moderate-risk

Published 2019-10-31

plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes.

Do I need to act?

0.48% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.3/10 Medium

NETWORK / LOW complexity

Yith Woocommerce Wishlist

Yith Woocommerce Compare

Yith Woocommerce Quick View

Yith Woocommerce Zoom Magnifier

Yith Woocommerce Ajax Search

Yith Woocommerce Badge Management

Yith Woocommerce Brands Add-On

Yith Woocommerce Request A Quote

Yith Woocommerce Social Login

Yith Woocommerce Order Tracking

Yith Woocommerce Pdf Invoice And Shipping List

Yith Pre-Order For Woocommerce

Yith Woocommerce Advanced Reviews

Yith Woocommerce Product Add-Ons

Yith Woocommerce Gift Cards

Yith Woocommerce Subscription

Yith Woocommerce Affiliates

Yith Woocommerce Cart Messages

Yith Woocommerce Product Bundles

Yith Woocommerce Frequently Bought Together

Yithemes

Third Party Advisory https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-p...

Third Party Advisory https://wpvulndb.com/vulnerabilities/9932

Third Party Advisory https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-p...

Third Party Advisory https://wpvulndb.com/vulnerabilities/9932

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 2/34 · Minimal

Exposure 24/34 · High