Search criteria
3 vulnerabilities found for YITH WooCommerce Compare by YITHEMES
CVE-2026-22333 (GCVE-0-2026-22333)
Vulnerability from nvd – Published: 2026-02-19 08:26 – Updated: 2026-02-24 20:52
VLAI?
Title
WordPress YITH WooCommerce Compare plugin <= 3.6.0 - Deserialization of untrusted data vulnerability
Summary
Deserialization of Untrusted Data vulnerability in YITHEMES YITH WooCommerce Compare yith-woocommerce-compare allows Object Injection.This issue affects YITH WooCommerce Compare: from n/a through <= 3.6.0.
Severity ?
7.2 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| YITHEMES | YITH WooCommerce Compare |
Affected:
n/a , ≤ <= 3.6.0
(custom)
|
Credits
mcdruid | Patchstack Bug Bounty Program
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-22333",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-24T20:52:24.026457Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T20:52:27.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "yith-woocommerce-compare",
"product": "YITH WooCommerce Compare",
"vendor": "YITHEMES",
"versions": [
{
"changes": [
{
"at": "3.7.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "\u003c= 3.6.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "mcdruid | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-02-19T09:26:09.997Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Deserialization of Untrusted Data vulnerability in YITHEMES YITH WooCommerce Compare yith-woocommerce-compare allows Object Injection.\u003cp\u003eThis issue affects YITH WooCommerce Compare: from n/a through \u003c= 3.6.0.\u003c/p\u003e"
}
],
"value": "Deserialization of Untrusted Data vulnerability in YITHEMES YITH WooCommerce Compare yith-woocommerce-compare allows Object Injection.This issue affects YITH WooCommerce Compare: from n/a through \u003c= 3.6.0."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "Object Injection"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T08:26:47.849Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/yith-woocommerce-compare/vulnerability/wordpress-yith-woocommerce-compare-plugin-3-6-0-deserialization-of-untrusted-data-vulnerability?_s_id=cve"
}
],
"title": "WordPress YITH WooCommerce Compare plugin \u003c= 3.6.0 - Deserialization of untrusted data vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-22333",
"datePublished": "2026-02-19T08:26:47.849Z",
"dateReserved": "2026-01-07T12:21:02.765Z",
"dateUpdated": "2026-02-24T20:52:27.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22333 (GCVE-0-2026-22333)
Vulnerability from cvelistv5 – Published: 2026-02-19 08:26 – Updated: 2026-02-24 20:52
VLAI?
Title
WordPress YITH WooCommerce Compare plugin <= 3.6.0 - Deserialization of untrusted data vulnerability
Summary
Deserialization of Untrusted Data vulnerability in YITHEMES YITH WooCommerce Compare yith-woocommerce-compare allows Object Injection.This issue affects YITH WooCommerce Compare: from n/a through <= 3.6.0.
Severity ?
7.2 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| YITHEMES | YITH WooCommerce Compare |
Affected:
n/a , ≤ <= 3.6.0
(custom)
|
Credits
mcdruid | Patchstack Bug Bounty Program
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-22333",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-24T20:52:24.026457Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T20:52:27.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "yith-woocommerce-compare",
"product": "YITH WooCommerce Compare",
"vendor": "YITHEMES",
"versions": [
{
"changes": [
{
"at": "3.7.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "\u003c= 3.6.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "mcdruid | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-02-19T09:26:09.997Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Deserialization of Untrusted Data vulnerability in YITHEMES YITH WooCommerce Compare yith-woocommerce-compare allows Object Injection.\u003cp\u003eThis issue affects YITH WooCommerce Compare: from n/a through \u003c= 3.6.0.\u003c/p\u003e"
}
],
"value": "Deserialization of Untrusted Data vulnerability in YITHEMES YITH WooCommerce Compare yith-woocommerce-compare allows Object Injection.This issue affects YITH WooCommerce Compare: from n/a through \u003c= 3.6.0."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "Object Injection"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T08:26:47.849Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/yith-woocommerce-compare/vulnerability/wordpress-yith-woocommerce-compare-plugin-3-6-0-deserialization-of-untrusted-data-vulnerability?_s_id=cve"
}
],
"title": "WordPress YITH WooCommerce Compare plugin \u003c= 3.6.0 - Deserialization of untrusted data vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-22333",
"datePublished": "2026-02-19T08:26:47.849Z",
"dateReserved": "2026-01-07T12:21:02.765Z",
"dateUpdated": "2026-02-24T20:52:27.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
VAR-201910-0661
Vulnerability from variot - Updated: 2024-11-23 23:04plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes. WordPress is a blogging platform developed by the WordPress Foundation using PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. An attacker could exploit this vulnerability to modify the options of a plugin
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0661",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "yith woocommerce zoom magnifier",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.11"
},
{
"model": "yith desktop notifications for woocommerce",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.2.7"
},
{
"model": "yith woocommerce mailchimp",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "2.1.3"
},
{
"model": "yith woocommerce advanced reviews",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.9"
},
{
"model": "yith woocommerce pdf invoice and shipping list",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.2.12"
},
{
"model": "yith product size charts for woocommerce",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.1.1"
},
{
"model": "yith color and label variations for woocommerce",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.8.11"
},
{
"model": "yith woocommerce authorize.net payment gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.1.12"
},
{
"model": "yith woocommerce recover abandoned cart",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.2"
},
{
"model": "yith paypal express checkout for woocommerce",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.2.5"
},
{
"model": "yith woocommerce questions and answers",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.1.9"
},
{
"model": "yith woocommerce badge management",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.19"
},
{
"model": "yith woocommerce points and rewards",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.4"
},
{
"model": "yith woocommerce bulk product editing",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.2.13"
},
{
"model": "yith pre-order for woocommerce",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.1.9"
},
{
"model": "yith advanced refund system for woocommerce",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.0.10"
},
{
"model": "yith woocommerce ajax search",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.6.9"
},
{
"model": "yith woocommerce waiting list",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.9"
},
{
"model": "yith woocommerce subscription",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.4"
},
{
"model": "yith woocommerce cart messages",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.4.3"
},
{
"model": "yith woocommerce stripe",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "2.0.1"
},
{
"model": "yith custom thank you page for woocommerce",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.1.6"
},
{
"model": "yith woocommerce affiliates",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.6.3"
},
{
"model": "yith woocommerce multi vendor",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "3.4.0"
},
{
"model": "yith woocommerce added to cart popup",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.11"
},
{
"model": "yith woocommerce order tracking",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.2.10"
},
{
"model": "yith woocommerce product add-ons",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.5.21"
},
{
"model": "yith woocommerce brands add-on",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.6"
},
{
"model": "yith woocommerce wishlist",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "2.2.13"
},
{
"model": "yith woocommerce gift cards",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.7"
},
{
"model": "yith woocommerce frequently bought together",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.2.10"
},
{
"model": "yith woocommerce quick view",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.13"
},
{
"model": "yith woocommerce compare",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "2.3.13"
},
{
"model": "yith woocommerce request a quote",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.4.7"
},
{
"model": "yith woocommerce social login",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.4"
},
{
"model": "yith woocommerce multi-step checkout",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.7.4"
},
{
"model": "yith woocommerce product bundles",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.1.15"
},
{
"model": "yith woocommerce best sellers",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.1.11"
},
{
"model": "yith-woocommerce-ajax-search",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
},
{
"model": "yith-woocommerce-badges-management",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
},
{
"model": "yith-woocommerce-brands-add-on",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
},
{
"model": "yith-woocommerce-compare",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
},
{
"model": "yith-woocommerce-order-tracking",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
},
{
"model": "yith-woocommerce-quick-view",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
},
{
"model": "yith-woocommerce-request-a-quote",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
},
{
"model": "yith-woocommerce-social-login",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
},
{
"model": "yith-woocommerce-wishlist",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
},
{
"model": "yith-woocommerce-zoom-magnifier",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
},
{
"db": "NVD",
"id": "CVE-2019-16251"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_ajax_search",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_badge_management",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_brands_add-on",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_compare",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_order_tracking",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_quick_view",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_request_a_quote",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_social_login",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_wishlist",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_zoom_magnifier",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
}
]
},
"cve": "CVE-2019-16251",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2019-16251",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-148379",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2019-16251",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-16251",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-16251",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-16251",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-1900",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-148379",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-16251",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-148379"
},
{
"db": "VULMON",
"id": "CVE-2019-16251"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1900"
},
{
"db": "NVD",
"id": "CVE-2019-16251"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes. WordPress is a blogging platform developed by the WordPress Foundation using PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. An attacker could exploit this vulnerability to modify the options of a plugin",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-16251"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
},
{
"db": "VULHUB",
"id": "VHN-148379"
},
{
"db": "VULMON",
"id": "CVE-2019-16251"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-16251",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011623",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1900",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-148379",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-16251",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-148379"
},
{
"db": "VULMON",
"id": "CVE-2019-16251"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1900"
},
{
"db": "NVD",
"id": "CVE-2019-16251"
}
]
},
"id": "VAR-201910-0661",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-148379"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T23:04:37.006000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://yithemes.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-269",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
},
{
"db": "NVD",
"id": "CVE-2019-16251"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://wpvulndb.com/vulnerabilities/9932"
},
{
"trust": 1.8,
"url": "https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-plugin-framework/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16251"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16251"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-148379"
},
{
"db": "VULMON",
"id": "CVE-2019-16251"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1900"
},
{
"db": "NVD",
"id": "CVE-2019-16251"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-148379"
},
{
"db": "VULMON",
"id": "CVE-2019-16251"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1900"
},
{
"db": "NVD",
"id": "CVE-2019-16251"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-31T00:00:00",
"db": "VULHUB",
"id": "VHN-148379"
},
{
"date": "2019-10-31T00:00:00",
"db": "VULMON",
"id": "CVE-2019-16251"
},
{
"date": "2019-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011623"
},
{
"date": "2019-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1900"
},
{
"date": "2019-10-31T17:15:10.337000",
"db": "NVD",
"id": "CVE-2019-16251"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-148379"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2019-16251"
},
{
"date": "2019-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011623"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1900"
},
{
"date": "2024-11-21T04:30:23.383000",
"db": "NVD",
"id": "CVE-2019-16251"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1900"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WordPress for YIT Vulnerability related to privilege management in plug-in framework",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1900"
}
],
"trust": 0.6
}
}