Search

Find a vulnerability

Search criteria

    3 vulnerabilities found for YITH WooCommerce Request A Quote by YITHEMES

    CVE-2026-24366 (GCVE-0-2026-24366)

    Vulnerability from nvd – Published: 2026-01-22 16:52 – Updated: 2026-04-28 16:14
    VLAI
    Title
    WordPress YITH WooCommerce Request A Quote plugin <= 2.46.0 - Broken Access Control vulnerability
    Summary
    Missing Authorization vulnerability in YITHEMES YITH WooCommerce Request A Quote yith-woocommerce-request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Request A Quote: from n/a through <= 2.46.0.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    YITHEMES YITH WooCommerce Request A Quote Affected: 0 , ≤ 2.46.0 (custom)
    Create a notification for this product.
    Date Public
    2026-04-22 14:21
    Credits
    PPzzAArr | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24366",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-22T20:29:36.305628Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-28T01:51:09.930Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "yith-woocommerce-request-a-quote",
              "product": "YITH WooCommerce Request A Quote",
              "vendor": "YITHEMES",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2.46.1",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "2.46.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "PPzzAArr | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-22T14:21:02.251Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in YITHEMES YITH WooCommerce Request A Quote yith-woocommerce-request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects YITH WooCommerce Request A Quote: from n/a through \u003c= 2.46.0.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in YITHEMES YITH WooCommerce Request A Quote yith-woocommerce-request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Request A Quote: from n/a through \u003c= 2.46.0."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-180",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Exploiting Incorrectly Configured Access Control Security Levels"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:14:47.996Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/yith-woocommerce-request-a-quote/vulnerability/wordpress-yith-woocommerce-request-a-quote-plugin-2-46-0-broken-access-control-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress YITH WooCommerce Request A Quote plugin \u003c= 2.46.0 - Broken Access Control vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2026-24366",
        "datePublished": "2026-01-22T16:52:44.884Z",
        "dateReserved": "2026-01-22T14:42:32.873Z",
        "dateUpdated": "2026-04-28T16:14:47.996Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24366 (GCVE-0-2026-24366)

    Vulnerability from cvelistv5 – Published: 2026-01-22 16:52 – Updated: 2026-04-28 16:14
    VLAI
    Title
    WordPress YITH WooCommerce Request A Quote plugin <= 2.46.0 - Broken Access Control vulnerability
    Summary
    Missing Authorization vulnerability in YITHEMES YITH WooCommerce Request A Quote yith-woocommerce-request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Request A Quote: from n/a through <= 2.46.0.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    YITHEMES YITH WooCommerce Request A Quote Affected: 0 , ≤ 2.46.0 (custom)
    Create a notification for this product.
    Date Public
    2026-04-22 14:21
    Credits
    PPzzAArr | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24366",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-22T20:29:36.305628Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-28T01:51:09.930Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "yith-woocommerce-request-a-quote",
              "product": "YITH WooCommerce Request A Quote",
              "vendor": "YITHEMES",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2.46.1",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "2.46.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "PPzzAArr | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-22T14:21:02.251Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in YITHEMES YITH WooCommerce Request A Quote yith-woocommerce-request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects YITH WooCommerce Request A Quote: from n/a through \u003c= 2.46.0.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in YITHEMES YITH WooCommerce Request A Quote yith-woocommerce-request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Request A Quote: from n/a through \u003c= 2.46.0."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-180",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Exploiting Incorrectly Configured Access Control Security Levels"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:14:47.996Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/yith-woocommerce-request-a-quote/vulnerability/wordpress-yith-woocommerce-request-a-quote-plugin-2-46-0-broken-access-control-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress YITH WooCommerce Request A Quote plugin \u003c= 2.46.0 - Broken Access Control vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2026-24366",
        "datePublished": "2026-01-22T16:52:44.884Z",
        "dateReserved": "2026-01-22T14:42:32.873Z",
        "dateUpdated": "2026-04-28T16:14:47.996Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    VAR-201910-0661

    Vulnerability from variot - Updated: 2024-11-23 23:04

    plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes. WordPress is a blogging platform developed by the WordPress Foundation using PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. An attacker could exploit this vulnerability to modify the options of a plugin

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201910-0661",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "yith woocommerce zoom magnifier",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "1.3.11"
          },
          {
            "model": "yith desktop notifications for woocommerce",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "1.2.7"
          },
          {
            "model": "yith woocommerce mailchimp",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "2.1.3"
          },
          {
            "model": "yith woocommerce advanced reviews",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "1.3.9"
          },
          {
            "model": "yith woocommerce pdf invoice and shipping list",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "1.2.12"
          },
          {
            "model": "yith product size charts for woocommerce",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "1.1.1"
          },
          {
            "model": "yith color and label variations for woocommerce",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "1.8.11"
          },
          {
            "model": "yith woocommerce authorize.net payment gateway",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "1.1.12"
          },
          {
            "model": "yith woocommerce recover abandoned cart",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "1.3.2"
          },
          {
            "model": "yith paypal express checkout for woocommerce",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "1.2.5"
          },
          {
            "model": "yith woocommerce questions and answers",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "1.1.9"
          },
          {
            "model": "yith woocommerce badge management",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "1.3.19"
          },
          {
            "model": "yith woocommerce points and rewards",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "1.3.4"
          },
          {
            "model": "yith woocommerce bulk product editing",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "1.2.13"
          },
          {
            "model": "yith pre-order for woocommerce",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "1.1.9"
          },
          {
            "model": "yith advanced refund system for woocommerce",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "1.0.10"
          },
          {
            "model": "yith woocommerce ajax search",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "1.6.9"
          },
          {
            "model": "yith woocommerce waiting list",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "1.3.9"
          },
          {
            "model": "yith woocommerce subscription",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "1.3.4"
          },
          {
            "model": "yith woocommerce cart messages",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "1.4.3"
          },
          {
            "model": "yith woocommerce stripe",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "2.0.1"
          },
          {
            "model": "yith custom thank you page for woocommerce",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "1.1.6"
          },
          {
            "model": "yith woocommerce affiliates",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "1.6.3"
          },
          {
            "model": "yith woocommerce multi vendor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "3.4.0"
          },
          {
            "model": "yith woocommerce added to cart popup",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "1.3.11"
          },
          {
            "model": "yith woocommerce order tracking",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "1.2.10"
          },
          {
            "model": "yith woocommerce product add-ons",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "1.5.21"
          },
          {
            "model": "yith woocommerce brands add-on",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "1.3.6"
          },
          {
            "model": "yith woocommerce wishlist",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "2.2.13"
          },
          {
            "model": "yith woocommerce gift cards",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "1.3.7"
          },
          {
            "model": "yith woocommerce frequently bought together",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "1.2.10"
          },
          {
            "model": "yith woocommerce quick view",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "1.3.13"
          },
          {
            "model": "yith woocommerce compare",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "2.3.13"
          },
          {
            "model": "yith woocommerce request a quote",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "1.4.7"
          },
          {
            "model": "yith woocommerce social login",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "1.3.4"
          },
          {
            "model": "yith woocommerce multi-step checkout",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "1.7.4"
          },
          {
            "model": "yith woocommerce product bundles",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "1.1.15"
          },
          {
            "model": "yith woocommerce best sellers",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "yithemes",
            "version": "1.1.11"
          },
          {
            "model": "yith-woocommerce-ajax-search",
            "scope": null,
            "trust": 0.8,
            "vendor": "yithemes",
            "version": null
          },
          {
            "model": "yith-woocommerce-badges-management",
            "scope": null,
            "trust": 0.8,
            "vendor": "yithemes",
            "version": null
          },
          {
            "model": "yith-woocommerce-brands-add-on",
            "scope": null,
            "trust": 0.8,
            "vendor": "yithemes",
            "version": null
          },
          {
            "model": "yith-woocommerce-compare",
            "scope": null,
            "trust": 0.8,
            "vendor": "yithemes",
            "version": null
          },
          {
            "model": "yith-woocommerce-order-tracking",
            "scope": null,
            "trust": 0.8,
            "vendor": "yithemes",
            "version": null
          },
          {
            "model": "yith-woocommerce-quick-view",
            "scope": null,
            "trust": 0.8,
            "vendor": "yithemes",
            "version": null
          },
          {
            "model": "yith-woocommerce-request-a-quote",
            "scope": null,
            "trust": 0.8,
            "vendor": "yithemes",
            "version": null
          },
          {
            "model": "yith-woocommerce-social-login",
            "scope": null,
            "trust": 0.8,
            "vendor": "yithemes",
            "version": null
          },
          {
            "model": "yith-woocommerce-wishlist",
            "scope": null,
            "trust": 0.8,
            "vendor": "yithemes",
            "version": null
          },
          {
            "model": "yith-woocommerce-zoom-magnifier",
            "scope": null,
            "trust": 0.8,
            "vendor": "yithemes",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011623"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-16251"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_ajax_search",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_badge_management",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_brands_add-on",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_compare",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_order_tracking",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_quick_view",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_request_a_quote",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_social_login",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_wishlist",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_zoom_magnifier",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011623"
          }
        ]
      },
      "cve": "CVE-2019-16251",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2019-16251",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "VHN-148379",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-16251",
                "impactScore": 1.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2019-16251",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-16251",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-16251",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201910-1900",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-148379",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-16251",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-148379"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-16251"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011623"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-1900"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-16251"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes. WordPress is a blogging platform developed by the WordPress Foundation using PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. An attacker could exploit this vulnerability to modify the options of a plugin",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-16251"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011623"
          },
          {
            "db": "VULHUB",
            "id": "VHN-148379"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-16251"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-16251",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011623",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-1900",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-148379",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-16251",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-148379"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-16251"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011623"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-1900"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-16251"
          }
        ]
      },
      "id": "VAR-201910-0661",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-148379"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T23:04:37.006000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://yithemes.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011623"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-269",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011623"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-16251"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://wpvulndb.com/vulnerabilities/9932"
          },
          {
            "trust": 1.8,
            "url": "https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-plugin-framework/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16251"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16251"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-148379"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-16251"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011623"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-1900"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-16251"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-148379"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-16251"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011623"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-1900"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-16251"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-148379"
          },
          {
            "date": "2019-10-31T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-16251"
          },
          {
            "date": "2019-11-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-011623"
          },
          {
            "date": "2019-10-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201910-1900"
          },
          {
            "date": "2019-10-31T17:15:10.337000",
            "db": "NVD",
            "id": "CVE-2019-16251"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-148379"
          },
          {
            "date": "2020-08-24T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-16251"
          },
          {
            "date": "2019-11-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-011623"
          },
          {
            "date": "2020-08-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201910-1900"
          },
          {
            "date": "2024-11-21T04:30:23.383000",
            "db": "NVD",
            "id": "CVE-2019-16251"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-1900"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WordPress for  YIT Vulnerability related to privilege management in plug-in framework",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011623"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-1900"
          }
        ],
        "trust": 0.6
      }
    }