YIT Plugin Framework <= 3.3.8 - Authenticated Plugin's Settings Change

Affects Plugins

fixed in version 2.2.14
fixed in version 2.3.15
fixed in version 1.3.15
fixed in version 1.3.12
fixed in version 1.7.1
fixed in version 1.3.21
fixed in version 1.3.7
fixed in version 1.4.9
fixed in version 1.3.6
fixed in version 1.2.11
fixed in version 1.2.13
fixed in version 1.2.1
fixed in version 1.4.0
fixed in version 1.5.23
fixed in version 1.3.8
fixed in version 1.3.6
fixed in version 1.6.3
fixed in version 1.4.5
fixed in version 1.1.17
fixed in version 1.7.5
fixed in version 1.3.13
fixed in version 1.2.15
fixed in version 2.0.2
fixed in version 1.3.11
fixed in version 1.3.6
fixed in version 1.1.13
fixed in version 2.1.4
fixed in version 3.4.1

References

CVE 2019-16251
URL https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-plugin-framework/

Classification

Type PRIVESC
OWASP Top 10 A2: Broken Authentication and Session Management
CWE CWE-269

Miscellaneous

Original Researcher Jerome Bruandet
Views 4071
Verified No
WPVDB ID 9932

Timeline

Publicly Published 2019-10-31 (19 days ago)
Added 2019-10-31 (19 days ago)
Last Updated 2019-10-31 (19 days ago)
