Search criteria
3 vulnerabilities found for YITH WooCommerce Gift Cards by yithemes
VAR-201910-0661
Vulnerability from variot - Updated: 2024-11-23 23:04plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes. WordPress is a blogging platform developed by the WordPress Foundation using PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. An attacker could exploit this vulnerability to modify the options of a plugin
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0661",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "yith woocommerce zoom magnifier",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.11"
},
{
"model": "yith desktop notifications for woocommerce",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.2.7"
},
{
"model": "yith woocommerce mailchimp",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "2.1.3"
},
{
"model": "yith woocommerce advanced reviews",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.9"
},
{
"model": "yith woocommerce pdf invoice and shipping list",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.2.12"
},
{
"model": "yith product size charts for woocommerce",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.1.1"
},
{
"model": "yith color and label variations for woocommerce",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.8.11"
},
{
"model": "yith woocommerce authorize.net payment gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.1.12"
},
{
"model": "yith woocommerce recover abandoned cart",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.2"
},
{
"model": "yith paypal express checkout for woocommerce",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.2.5"
},
{
"model": "yith woocommerce questions and answers",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.1.9"
},
{
"model": "yith woocommerce badge management",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.19"
},
{
"model": "yith woocommerce points and rewards",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.4"
},
{
"model": "yith woocommerce bulk product editing",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.2.13"
},
{
"model": "yith pre-order for woocommerce",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.1.9"
},
{
"model": "yith advanced refund system for woocommerce",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.0.10"
},
{
"model": "yith woocommerce ajax search",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.6.9"
},
{
"model": "yith woocommerce waiting list",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.9"
},
{
"model": "yith woocommerce subscription",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.4"
},
{
"model": "yith woocommerce cart messages",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.4.3"
},
{
"model": "yith woocommerce stripe",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "2.0.1"
},
{
"model": "yith custom thank you page for woocommerce",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.1.6"
},
{
"model": "yith woocommerce affiliates",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.6.3"
},
{
"model": "yith woocommerce multi vendor",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "3.4.0"
},
{
"model": "yith woocommerce added to cart popup",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.11"
},
{
"model": "yith woocommerce order tracking",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.2.10"
},
{
"model": "yith woocommerce product add-ons",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.5.21"
},
{
"model": "yith woocommerce brands add-on",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.6"
},
{
"model": "yith woocommerce wishlist",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "2.2.13"
},
{
"model": "yith woocommerce gift cards",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.7"
},
{
"model": "yith woocommerce frequently bought together",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.2.10"
},
{
"model": "yith woocommerce quick view",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.13"
},
{
"model": "yith woocommerce compare",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "2.3.13"
},
{
"model": "yith woocommerce request a quote",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.4.7"
},
{
"model": "yith woocommerce social login",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.4"
},
{
"model": "yith woocommerce multi-step checkout",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.7.4"
},
{
"model": "yith woocommerce product bundles",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.1.15"
},
{
"model": "yith woocommerce best sellers",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.1.11"
},
{
"model": "yith-woocommerce-ajax-search",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
},
{
"model": "yith-woocommerce-badges-management",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
},
{
"model": "yith-woocommerce-brands-add-on",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
},
{
"model": "yith-woocommerce-compare",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
},
{
"model": "yith-woocommerce-order-tracking",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
},
{
"model": "yith-woocommerce-quick-view",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
},
{
"model": "yith-woocommerce-request-a-quote",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
},
{
"model": "yith-woocommerce-social-login",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
},
{
"model": "yith-woocommerce-wishlist",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
},
{
"model": "yith-woocommerce-zoom-magnifier",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
},
{
"db": "NVD",
"id": "CVE-2019-16251"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_ajax_search",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_badge_management",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_brands_add-on",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_compare",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_order_tracking",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_quick_view",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_request_a_quote",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_social_login",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_wishlist",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_zoom_magnifier",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
}
]
},
"cve": "CVE-2019-16251",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2019-16251",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-148379",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2019-16251",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-16251",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-16251",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-16251",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-1900",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-148379",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-16251",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-148379"
},
{
"db": "VULMON",
"id": "CVE-2019-16251"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1900"
},
{
"db": "NVD",
"id": "CVE-2019-16251"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes. WordPress is a blogging platform developed by the WordPress Foundation using PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. An attacker could exploit this vulnerability to modify the options of a plugin",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-16251"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
},
{
"db": "VULHUB",
"id": "VHN-148379"
},
{
"db": "VULMON",
"id": "CVE-2019-16251"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-16251",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011623",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1900",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-148379",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-16251",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-148379"
},
{
"db": "VULMON",
"id": "CVE-2019-16251"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1900"
},
{
"db": "NVD",
"id": "CVE-2019-16251"
}
]
},
"id": "VAR-201910-0661",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-148379"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T23:04:37.006000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://yithemes.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-269",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
},
{
"db": "NVD",
"id": "CVE-2019-16251"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://wpvulndb.com/vulnerabilities/9932"
},
{
"trust": 1.8,
"url": "https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-plugin-framework/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16251"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16251"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-148379"
},
{
"db": "VULMON",
"id": "CVE-2019-16251"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1900"
},
{
"db": "NVD",
"id": "CVE-2019-16251"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-148379"
},
{
"db": "VULMON",
"id": "CVE-2019-16251"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1900"
},
{
"db": "NVD",
"id": "CVE-2019-16251"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-31T00:00:00",
"db": "VULHUB",
"id": "VHN-148379"
},
{
"date": "2019-10-31T00:00:00",
"db": "VULMON",
"id": "CVE-2019-16251"
},
{
"date": "2019-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011623"
},
{
"date": "2019-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1900"
},
{
"date": "2019-10-31T17:15:10.337000",
"db": "NVD",
"id": "CVE-2019-16251"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-148379"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2019-16251"
},
{
"date": "2019-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011623"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1900"
},
{
"date": "2024-11-21T04:30:23.383000",
"db": "NVD",
"id": "CVE-2019-16251"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1900"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WordPress for YIT Vulnerability related to privilege management in plug-in framework",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1900"
}
],
"trust": 0.6
}
}
CVE-2024-0870 (GCVE-0-2024-0870)
Vulnerability from nvd – Published: 2024-05-14 02:38 – Updated: 2024-08-12 19:11
VLAI?
Title
YITH WooCommerce Gift Cards <= 4.12.0 - Missing Authorization to Unauthenticated WooCommerce Settings Update
Summary
The YITH WooCommerce Gift Cards plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_mail_status' and 'save_email_settings' functions in all versions up to, and including, 4.12.0. This makes it possible for unauthenticated attackers to modify WooCommerce settings.
Severity ?
5.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| yithemes | YITH WooCommerce Gift Cards |
Affected:
* , ≤ 4.12.0
(semver)
|
Credits
Francesco Carlucci
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ca1f0dc6-c0bc-4e9f-b3b6-d6274aa7a7db?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3084519/yith-woocommerce-gift-cards/trunk/includes/admin/class-ywgc-admin.php"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:yithemes:yith_woocommerce_gift_cards:-:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unaffected",
"product": "yith_woocommerce_gift_cards",
"vendor": "yithemes",
"versions": [
{
"lessThanOrEqual": "4.12.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0870",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T18:43:55.523984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T19:11:50.040Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "YITH WooCommerce Gift Cards",
"vendor": "yithemes",
"versions": [
{
"lessThanOrEqual": "4.12.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Francesco Carlucci"
}
],
"descriptions": [
{
"lang": "en",
"value": "The YITH WooCommerce Gift Cards plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the \u0027save_mail_status\u0027 and \u0027save_email_settings\u0027 functions in all versions up to, and including, 4.12.0. This makes it possible for unauthenticated attackers to modify WooCommerce settings."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-285 Improper Authorization",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T02:38:18.778Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ca1f0dc6-c0bc-4e9f-b3b6-d6274aa7a7db?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3084519/yith-woocommerce-gift-cards/trunk/includes/admin/class-ywgc-admin.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-13T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "YITH WooCommerce Gift Cards \u003c= 4.12.0 - Missing Authorization to Unauthenticated WooCommerce Settings Update"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-0870",
"datePublished": "2024-05-14T02:38:18.778Z",
"dateReserved": "2024-01-24T19:48:00.983Z",
"dateUpdated": "2024-08-12T19:11:50.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0870 (GCVE-0-2024-0870)
Vulnerability from cvelistv5 – Published: 2024-05-14 02:38 – Updated: 2024-08-12 19:11
VLAI?
Title
YITH WooCommerce Gift Cards <= 4.12.0 - Missing Authorization to Unauthenticated WooCommerce Settings Update
Summary
The YITH WooCommerce Gift Cards plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_mail_status' and 'save_email_settings' functions in all versions up to, and including, 4.12.0. This makes it possible for unauthenticated attackers to modify WooCommerce settings.
Severity ?
5.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| yithemes | YITH WooCommerce Gift Cards |
Affected:
* , ≤ 4.12.0
(semver)
|
Credits
Francesco Carlucci
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ca1f0dc6-c0bc-4e9f-b3b6-d6274aa7a7db?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3084519/yith-woocommerce-gift-cards/trunk/includes/admin/class-ywgc-admin.php"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:yithemes:yith_woocommerce_gift_cards:-:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unaffected",
"product": "yith_woocommerce_gift_cards",
"vendor": "yithemes",
"versions": [
{
"lessThanOrEqual": "4.12.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0870",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T18:43:55.523984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T19:11:50.040Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "YITH WooCommerce Gift Cards",
"vendor": "yithemes",
"versions": [
{
"lessThanOrEqual": "4.12.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Francesco Carlucci"
}
],
"descriptions": [
{
"lang": "en",
"value": "The YITH WooCommerce Gift Cards plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the \u0027save_mail_status\u0027 and \u0027save_email_settings\u0027 functions in all versions up to, and including, 4.12.0. This makes it possible for unauthenticated attackers to modify WooCommerce settings."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-285 Improper Authorization",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T02:38:18.778Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ca1f0dc6-c0bc-4e9f-b3b6-d6274aa7a7db?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3084519/yith-woocommerce-gift-cards/trunk/includes/admin/class-ywgc-admin.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-13T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "YITH WooCommerce Gift Cards \u003c= 4.12.0 - Missing Authorization to Unauthenticated WooCommerce Settings Update"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-0870",
"datePublished": "2024-05-14T02:38:18.778Z",
"dateReserved": "2024-01-24T19:48:00.983Z",
"dateUpdated": "2024-08-12T19:11:50.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}