Search criteria
3 vulnerabilities found for YITH PayPal Express Checkout for WooCommerce by YITHEMES
CVE-2025-48111 (GCVE-0-2025-48111)
Vulnerability from nvd – Published: 2025-06-17 15:01 – Updated: 2025-06-17 15:39
VLAI?
Title
WordPress YITH PayPal Express Checkout for WooCommerce plugin <= 1.49.0 - Cross Site Request Forgery (CSRF) vulnerability
Summary
Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH PayPal Express Checkout for WooCommerce allows Cross Site Request Forgery. This issue affects YITH PayPal Express Checkout for WooCommerce: from n/a through 1.49.0.
Severity ?
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| YITHEMES | YITH PayPal Express Checkout for WooCommerce |
Affected:
n/a , ≤ 1.49.0
(custom)
|
Credits
Nguyen Xuan Chien (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48111",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T15:39:38.382093Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T15:39:50.617Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "yith-paypal-express-checkout-for-woocommerce",
"product": "YITH PayPal Express Checkout for WooCommerce",
"vendor": "YITHEMES",
"versions": [
{
"changes": [
{
"at": "1.49.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.49.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nguyen Xuan Chien (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH PayPal Express Checkout for WooCommerce allows Cross Site Request Forgery.\u003c/p\u003e\u003cp\u003eThis issue affects YITH PayPal Express Checkout for WooCommerce: from n/a through 1.49.0.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH PayPal Express Checkout for WooCommerce allows Cross Site Request Forgery. This issue affects YITH PayPal Express Checkout for WooCommerce: from n/a through 1.49.0."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-62 Cross Site Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T15:01:43.752Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/yith-paypal-express-checkout-for-woocommerce/vulnerability/wordpress-yith-paypal-express-checkout-for-woocommerce-plugin-1-49-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress YITH PayPal Express Checkout for WooCommerce plugin to the latest available version (at least 1.49.1)."
}
],
"value": "Update the WordPress YITH PayPal Express Checkout for WooCommerce plugin to the latest available version (at least 1.49.1)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress YITH PayPal Express Checkout for WooCommerce plugin \u003c= 1.49.0 - Cross Site Request Forgery (CSRF) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-48111",
"datePublished": "2025-06-17T15:01:43.752Z",
"dateReserved": "2025-05-15T17:54:48.128Z",
"dateUpdated": "2025-06-17T15:39:50.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48111 (GCVE-0-2025-48111)
Vulnerability from cvelistv5 – Published: 2025-06-17 15:01 – Updated: 2025-06-17 15:39
VLAI?
Title
WordPress YITH PayPal Express Checkout for WooCommerce plugin <= 1.49.0 - Cross Site Request Forgery (CSRF) vulnerability
Summary
Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH PayPal Express Checkout for WooCommerce allows Cross Site Request Forgery. This issue affects YITH PayPal Express Checkout for WooCommerce: from n/a through 1.49.0.
Severity ?
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| YITHEMES | YITH PayPal Express Checkout for WooCommerce |
Affected:
n/a , ≤ 1.49.0
(custom)
|
Credits
Nguyen Xuan Chien (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48111",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T15:39:38.382093Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T15:39:50.617Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "yith-paypal-express-checkout-for-woocommerce",
"product": "YITH PayPal Express Checkout for WooCommerce",
"vendor": "YITHEMES",
"versions": [
{
"changes": [
{
"at": "1.49.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.49.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nguyen Xuan Chien (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH PayPal Express Checkout for WooCommerce allows Cross Site Request Forgery.\u003c/p\u003e\u003cp\u003eThis issue affects YITH PayPal Express Checkout for WooCommerce: from n/a through 1.49.0.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH PayPal Express Checkout for WooCommerce allows Cross Site Request Forgery. This issue affects YITH PayPal Express Checkout for WooCommerce: from n/a through 1.49.0."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-62 Cross Site Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T15:01:43.752Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/yith-paypal-express-checkout-for-woocommerce/vulnerability/wordpress-yith-paypal-express-checkout-for-woocommerce-plugin-1-49-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress YITH PayPal Express Checkout for WooCommerce plugin to the latest available version (at least 1.49.1)."
}
],
"value": "Update the WordPress YITH PayPal Express Checkout for WooCommerce plugin to the latest available version (at least 1.49.1)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress YITH PayPal Express Checkout for WooCommerce plugin \u003c= 1.49.0 - Cross Site Request Forgery (CSRF) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-48111",
"datePublished": "2025-06-17T15:01:43.752Z",
"dateReserved": "2025-05-15T17:54:48.128Z",
"dateUpdated": "2025-06-17T15:39:50.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-201910-0661
Vulnerability from variot - Updated: 2024-11-23 23:04plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes. WordPress is a blogging platform developed by the WordPress Foundation using PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. An attacker could exploit this vulnerability to modify the options of a plugin
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0661",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "yith woocommerce zoom magnifier",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.11"
},
{
"model": "yith desktop notifications for woocommerce",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.2.7"
},
{
"model": "yith woocommerce mailchimp",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "2.1.3"
},
{
"model": "yith woocommerce advanced reviews",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.9"
},
{
"model": "yith woocommerce pdf invoice and shipping list",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.2.12"
},
{
"model": "yith product size charts for woocommerce",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.1.1"
},
{
"model": "yith color and label variations for woocommerce",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.8.11"
},
{
"model": "yith woocommerce authorize.net payment gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.1.12"
},
{
"model": "yith woocommerce recover abandoned cart",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.2"
},
{
"model": "yith paypal express checkout for woocommerce",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.2.5"
},
{
"model": "yith woocommerce questions and answers",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.1.9"
},
{
"model": "yith woocommerce badge management",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.19"
},
{
"model": "yith woocommerce points and rewards",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.4"
},
{
"model": "yith woocommerce bulk product editing",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.2.13"
},
{
"model": "yith pre-order for woocommerce",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.1.9"
},
{
"model": "yith advanced refund system for woocommerce",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.0.10"
},
{
"model": "yith woocommerce ajax search",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.6.9"
},
{
"model": "yith woocommerce waiting list",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.9"
},
{
"model": "yith woocommerce subscription",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.4"
},
{
"model": "yith woocommerce cart messages",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.4.3"
},
{
"model": "yith woocommerce stripe",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "2.0.1"
},
{
"model": "yith custom thank you page for woocommerce",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.1.6"
},
{
"model": "yith woocommerce affiliates",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.6.3"
},
{
"model": "yith woocommerce multi vendor",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "3.4.0"
},
{
"model": "yith woocommerce added to cart popup",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.11"
},
{
"model": "yith woocommerce order tracking",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.2.10"
},
{
"model": "yith woocommerce product add-ons",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.5.21"
},
{
"model": "yith woocommerce brands add-on",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.6"
},
{
"model": "yith woocommerce wishlist",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "2.2.13"
},
{
"model": "yith woocommerce gift cards",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.7"
},
{
"model": "yith woocommerce frequently bought together",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.2.10"
},
{
"model": "yith woocommerce quick view",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.13"
},
{
"model": "yith woocommerce compare",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "2.3.13"
},
{
"model": "yith woocommerce request a quote",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.4.7"
},
{
"model": "yith woocommerce social login",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.4"
},
{
"model": "yith woocommerce multi-step checkout",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.7.4"
},
{
"model": "yith woocommerce product bundles",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.1.15"
},
{
"model": "yith woocommerce best sellers",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.1.11"
},
{
"model": "yith-woocommerce-ajax-search",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
},
{
"model": "yith-woocommerce-badges-management",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
},
{
"model": "yith-woocommerce-brands-add-on",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
},
{
"model": "yith-woocommerce-compare",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
},
{
"model": "yith-woocommerce-order-tracking",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
},
{
"model": "yith-woocommerce-quick-view",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
},
{
"model": "yith-woocommerce-request-a-quote",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
},
{
"model": "yith-woocommerce-social-login",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
},
{
"model": "yith-woocommerce-wishlist",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
},
{
"model": "yith-woocommerce-zoom-magnifier",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
},
{
"db": "NVD",
"id": "CVE-2019-16251"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_ajax_search",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_badge_management",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_brands_add-on",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_compare",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_order_tracking",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_quick_view",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_request_a_quote",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_social_login",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_wishlist",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_zoom_magnifier",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
}
]
},
"cve": "CVE-2019-16251",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2019-16251",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-148379",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2019-16251",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-16251",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-16251",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-16251",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-1900",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-148379",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-16251",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-148379"
},
{
"db": "VULMON",
"id": "CVE-2019-16251"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1900"
},
{
"db": "NVD",
"id": "CVE-2019-16251"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes. WordPress is a blogging platform developed by the WordPress Foundation using PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. An attacker could exploit this vulnerability to modify the options of a plugin",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-16251"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
},
{
"db": "VULHUB",
"id": "VHN-148379"
},
{
"db": "VULMON",
"id": "CVE-2019-16251"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-16251",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011623",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1900",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-148379",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-16251",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-148379"
},
{
"db": "VULMON",
"id": "CVE-2019-16251"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1900"
},
{
"db": "NVD",
"id": "CVE-2019-16251"
}
]
},
"id": "VAR-201910-0661",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-148379"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T23:04:37.006000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://yithemes.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-269",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
},
{
"db": "NVD",
"id": "CVE-2019-16251"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://wpvulndb.com/vulnerabilities/9932"
},
{
"trust": 1.8,
"url": "https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-plugin-framework/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16251"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16251"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-148379"
},
{
"db": "VULMON",
"id": "CVE-2019-16251"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1900"
},
{
"db": "NVD",
"id": "CVE-2019-16251"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-148379"
},
{
"db": "VULMON",
"id": "CVE-2019-16251"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1900"
},
{
"db": "NVD",
"id": "CVE-2019-16251"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-31T00:00:00",
"db": "VULHUB",
"id": "VHN-148379"
},
{
"date": "2019-10-31T00:00:00",
"db": "VULMON",
"id": "CVE-2019-16251"
},
{
"date": "2019-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011623"
},
{
"date": "2019-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1900"
},
{
"date": "2019-10-31T17:15:10.337000",
"db": "NVD",
"id": "CVE-2019-16251"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-148379"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2019-16251"
},
{
"date": "2019-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011623"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1900"
},
{
"date": "2024-11-21T04:30:23.383000",
"db": "NVD",
"id": "CVE-2019-16251"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1900"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WordPress for YIT Vulnerability related to privilege management in plug-in framework",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1900"
}
],
"trust": 0.6
}
}