Lucene search
HistoryOct 31, 2019 - 5:15 p.m.
CVE-2019-16251
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
4.6
Confidence
High
EPSS
0.001
Percentile
19.4%
plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes.
Affected configurations
Node
yithemesyith_woocommerce_wishlistRange≤2.2.13wordpress
Node
yithemesyith_woocommerce_compareRange≤2.3.13wordpress
Node
yithemesyith_woocommerce_quick_viewRange≤1.3.13wordpress
Node
yithemesyith_woocommerce_zoom_magnifierRange≤1.3.11wordpress
Node
yithemesyith_woocommerce_ajax_searchRange≤1.6.9wordpress
Node
yithemesyith_woocommerce_badge_managementRange≤1.3.19wordpress
Node
yithemesyith_woocommerce_brands_add-onRange≤1.3.6wordpress
Node
yithemesyith_woocommerce_request_a_quoteRange≤1.4.7wordpress
Node
yithemesyith_woocommerce_social_loginRange≤1.3.4wordpress
Node
yithemesyith_woocommerce_order_trackingRange≤1.2.10wordpress
Node
yithemesyith_woocommerce_pdf_invoice_and_shipping_listRange≤1.2.12wordpress
Node
yithemesyith_pre-order_for_woocommerceRange≤1.1.9wordpress
Node
yithemesyith_woocommerce_advanced_reviewsRange≤1.3.9wordpress
Node
yithemesyith_woocommerce_product_add-onsRange≤1.5.21wordpress
Node
yithemesyith_woocommerce_gift_cardsRange≤1.3.7wordpress
Node
yithemesyith_woocommerce_subscriptionRange≤1.3.4wordpress
Node
yithemesyith_woocommerce_affiliatesRange≤1.6.3wordpress
Node
yithemesyith_woocommerce_cart_messagesRange≤1.4.3wordpress
Node
yithemesyith_woocommerce_product_bundlesRange≤1.1.15wordpress
Node
yithemesyith_woocommerce_frequently_bought_togetherRange≤1.2.10wordpress
Node
yithemesyith_woocommerce_multi-step_checkoutRange≤1.7.4wordpress
Node
yithemesyith_color_and_label_variations_for_woocommerceRange≤1.8.11wordpress
Node
yithemesyith_custom_thank_you_page_for_woocommerceRange≤1.1.6wordpress
Node
yithemesyith_product_size_charts_for_woocommerceRange≤1.1.1wordpress
Node
yithemesyith_woocommerce_added_to_cart_popupRange≤1.3.11wordpress
Node
yithemesyith_woocommerce_bulk_product_editingRange≤1.2.13wordpress
Node
yithemesyith_woocommerce_stripeRange≤2.0.1wordpress
Node
yithemesyith_woocommerce_waiting_listRange≤1.3.9wordpress
Node
yithemesyith_woocommerce_points_and_rewardsRange≤1.3.4wordpress
Node
yithemesyith_advanced_refund_system_for_woocommerceRange≤1.0.10wordpress
Node
yithemesyith_woocommerce_authorize.net_payment_gatewayRange≤1.1.12wordpress
Node
yithemesyith_woocommerce_best_sellersRange≤1.1.11wordpress
Node
yithemesyith_woocommerce_mailchimpRange≤2.1.3wordpress
Node
yithemesyith_woocommerce_multi_vendorRange≤3.4.0wordpress
Node
yithemesyith_woocommerce_questions_and_answersRange≤1.1.9wordpress
Node
yithemesyith_woocommerce_recover_abandoned_cartRange≤1.3.2wordpress
Node
yithemesyith_paypal_express_checkout_for_woocommerceRange≤1.2.5wordpress
Node
yithemesyith_desktop_notifications_for_woocommerceRange≤1.2.7wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| yithemes | yith_woocommerce_wishlist | * | cpe:2.3:a:yithemes:yith_woocommerce_wishlist:*:*:*:*:*:wordpress:*:* |
| yithemes | yith_woocommerce_compare | * | cpe:2.3:a:yithemes:yith_woocommerce_compare:*:*:*:*:*:wordpress:*:* |
| yithemes | yith_woocommerce_quick_view | * | cpe:2.3:a:yithemes:yith_woocommerce_quick_view:*:*:*:*:*:wordpress:*:* |
| yithemes | yith_woocommerce_zoom_magnifier | * | cpe:2.3:a:yithemes:yith_woocommerce_zoom_magnifier:*:*:*:*:*:wordpress:*:* |
| yithemes | yith_woocommerce_ajax_search | * | cpe:2.3:a:yithemes:yith_woocommerce_ajax_search:*:*:*:*:*:wordpress:*:* |
| yithemes | yith_woocommerce_badge_management | * | cpe:2.3:a:yithemes:yith_woocommerce_badge_management:*:*:*:*:*:wordpress:*:* |
| yithemes | yith_woocommerce_brands_add-on | * | cpe:2.3:a:yithemes:yith_woocommerce_brands_add-on:*:*:*:*:*:wordpress:*:* |
| yithemes | yith_woocommerce_request_a_quote | * | cpe:2.3:a:yithemes:yith_woocommerce_request_a_quote:*:*:*:*:*:wordpress:*:* |
| yithemes | yith_woocommerce_social_login | * | cpe:2.3:a:yithemes:yith_woocommerce_social_login:*:*:*:*:*:wordpress:*:* |
| yithemes | yith_woocommerce_order_tracking | * | cpe:2.3:a:yithemes:yith_woocommerce_order_tracking:*:*:*:*:*:wordpress:*:* |
Related
patchstack
patchstack
WordPress YITH WooCommerce Cart Messages plugin <=1.4.4 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability
2019-10-31 00:00:00
cve
cve
CVE-2019-16251
2019-10-31 17:15:10
prion
prion
Design/Logic Flaw
2019-10-31 17:15:00
wpvulndb
wpvulndb
YIT Plugin Framework <= 3.3.8 - Authenticated Plugin's Settings Change
2019-10-31 00:00:00
cvelist
cvelist
CVE-2019-16251
2019-10-31 16:09:29
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
4.6
Confidence
High
EPSS
0.001
Percentile
19.4%
Related for NVD:CVE-2019-16251