cbcvebase.
CVE-2019-16251
published 2019-10-31

CVE-2019-16251: plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes.

Priority: P4 19 · medium 4.3 · CVSS 3.1
AV:N / AC:L / PR:L / UI:N / S:U / C:N / I:L / A:N
EPSS: 0.95% (56.7th percentile)

Affected

38 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| yithemes | yith_advanced_refund_system_for_woocommerce | <= 1.0.10 | |
| yithemes | yith_color_and_label_variations_for_woocommerce | <= 1.8.11 | |
| yithemes | yith_custom_thank_you_page_for_woocommerce | <= 1.1.6 | |
| yithemes | yith_desktop_notifications_for_woocommerce | <= 1.2.7 | |
| yithemes | yith_paypal_express_checkout_for_woocommerce | <= 1.2.5 | |
| yithemes | yith_pre-order_for_woocommerce | <= 1.1.9 | |
| yithemes | yith_product_size_charts_for_woocommerce | <= 1.1.1 | |
| yithemes | yith_woocommerce_added_to_cart_popup | <= 1.3.11 | |
| yithemes | yith_woocommerce_advanced_reviews | <= 1.3.9 | |
| yithemes | yith_woocommerce_affiliates | <= 1.6.3 | |
| yithemes | yith_woocommerce_ajax_search | <= 1.6.9 | |
| yithemes | yith_woocommerce_authorize.net_payment_gateway | <= 1.1.12 | |
| yithemes | yith_woocommerce_badge_management | <= 1.3.19 | |
| yithemes | yith_woocommerce_best_sellers | <= 1.1.11 | |
| yithemes | yith_woocommerce_brands_add-on | <= 1.3.6 | |
| yithemes | yith_woocommerce_bulk_product_editing | <= 1.2.13 | |
| yithemes | yith_woocommerce_cart_messages | <= 1.4.3 | |
| yithemes | yith_woocommerce_compare | <= 2.3.13 | |
| yithemes | yith_woocommerce_frequently_bought_together | <= 1.2.10 | |
| yithemes | yith_woocommerce_gift_cards | <= 1.3.7 | |
| yithemes | yith_woocommerce_mailchimp | <= 2.1.3 | |
| yithemes | yith_woocommerce_multi-step_checkout | <= 1.7.4 | |
| yithemes | yith_woocommerce_multi_vendor | <= 3.4.0 | |
| yithemes | yith_woocommerce_order_tracking | <= 1.2.10 | |
| yithemes | yith_woocommerce_pdf_invoice_and_shipping_list | <= 1.2.12 | |

CVSS provenance

nvd · v3.1 · 4.3 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
nvd · v2.0 · 4.0 MEDIUM · AV:N/AC:L/Au:S/C:N/I:P/A:N