ID

VAR-201910-0661


CVE

CVE-2019-16251


TITLE

Vulnerability related to privilege management in the YIT Plugin Framework for WordPress

Trust: 0.8

sources: JVNDB: JVNDB-2019-011623

DESCRIPTION

plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes. WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. An attacker could exploit this vulnerability to modify the options of a plugin.

Trust: 1.8

sources: NVD: CVE-2019-16251 // JVNDB: JVNDB-2019-011623 // VULHUB: VHN-148379 // VULMON: CVE-2019-16251

AFFECTED PRODUCTS

vendor:yithemes // model:yith woocommerce zoom magnifier // scope:lte // version:1.3.11

Trust: 1.0

vendor:yithemes // model:yith desktop notifications for woocommerce // scope:lte // version:1.2.7

Trust: 1.0

vendor:yithemes // model:yith woocommerce mailchimp // scope:lte // version:2.1.3

Trust: 1.0

vendor:yithemes // model:yith woocommerce advanced reviews // scope:lte // version:1.3.9

Trust: 1.0

vendor:yithemes // model:yith woocommerce pdf invoice and shipping list // scope:lte // version:1.2.12

Trust: 1.0

vendor:yithemes // model:yith product size charts for woocommerce // scope:lte // version:1.1.1

Trust: 1.0

vendor:yithemes // model:yith color and label variations for woocommerce // scope:lte // version:1.8.11

Trust: 1.0

vendor:yithemes // model:yith woocommerce authorize.net payment gateway // scope:lte // version:1.1.12

Trust: 1.0

vendor:yithemes // model:yith woocommerce recover abandoned cart // scope:lte // version:1.3.2

Trust: 1.0

vendor:yithemes // model:yith paypal express checkout for woocommerce // scope:lte // version:1.2.5

Trust: 1.0

vendor:yithemes // model:yith woocommerce questions and answers // scope:lte // version:1.1.9

Trust: 1.0

vendor:yithemes // model:yith woocommerce badge management // scope:lte // version:1.3.19

Trust: 1.0

vendor:yithemes // model:yith woocommerce points and rewards // scope:lte // version:1.3.4

Trust: 1.0

vendor:yithemes // model:yith woocommerce bulk product editing // scope:lte // version:1.2.13

Trust: 1.0

vendor:yithemes // model:yith pre-order for woocommerce // scope:lte // version:1.1.9

Trust: 1.0

vendor:yithemes // model:yith advanced refund system for woocommerce // scope:lte // version:1.0.10

Trust: 1.0

vendor:yithemes // model:yith woocommerce ajax search // scope:lte // version:1.6.9

Trust: 1.0

vendor:yithemes // model:yith woocommerce waiting list // scope:lte // version:1.3.9

Trust: 1.0

vendor:yithemes // model:yith woocommerce subscription // scope:lte // version:1.3.4

Trust: 1.0

vendor:yithemes // model:yith woocommerce cart messages // scope:lte // version:1.4.3

Trust: 1.0

vendor:yithemes // model:yith woocommerce stripe // scope:lte // version:2.0.1

Trust: 1.0

vendor:yithemes // model:yith custom thank you page for woocommerce // scope:lte // version:1.1.6

Trust: 1.0

vendor:yithemes // model:yith woocommerce affiliates // scope:lte // version:1.6.3

Trust: 1.0

vendor:yithemes // model:yith woocommerce multi vendor // scope:lte // version:3.4.0

Trust: 1.0

vendor:yithemes // model:yith woocommerce added to cart popup // scope:lte // version:1.3.11

Trust: 1.0

vendor:yithemes // model:yith woocommerce order tracking // scope:lte // version:1.2.10

Trust: 1.0

vendor:yithemes // model:yith woocommerce product add-ons // scope:lte // version:1.5.21

Trust: 1.0

vendor:yithemes // model:yith woocommerce brands add-on // scope:lte // version:1.3.6

Trust: 1.0

vendor:yithemes // model:yith woocommerce wishlist // scope:lte // version:2.2.13

Trust: 1.0

vendor:yithemes // model:yith woocommerce gift cards // scope:lte // version:1.3.7

Trust: 1.0

vendor:yithemes // model:yith woocommerce frequently bought together // scope:lte // version:1.2.10

Trust: 1.0

vendor:yithemes // model:yith woocommerce quick view // scope:lte // version:1.3.13

Trust: 1.0

vendor:yithemes // model:yith woocommerce compare // scope:lte // version:2.3.13

Trust: 1.0

vendor:yithemes // model:yith woocommerce request a quote // scope:lte // version:1.4.7

Trust: 1.0

vendor:yithemes // model:yith woocommerce social login // scope:lte // version:1.3.4

Trust: 1.0

vendor:yithemes // model:yith woocommerce multi-step checkout // scope:lte // version:1.7.4

Trust: 1.0

vendor:yithemes // model:yith woocommerce product bundles // scope:lte // version:1.1.15

Trust: 1.0

vendor:yithemes // model:yith woocommerce best sellers // scope:lte // version:1.1.11

Trust: 1.0

vendor:yithemes // model:yith-woocommerce-ajax-search // scope:- // version:-

Trust: 0.8

vendor:yithemes // model:yith-woocommerce-badges-management // scope:- // version:-

Trust: 0.8

vendor:yithemes // model:yith-woocommerce-brands-add-on // scope:- // version:-

Trust: 0.8

vendor:yithemes // model:yith-woocommerce-compare // scope:- // version:-

Trust: 0.8

vendor:yithemes // model:yith-woocommerce-order-tracking // scope:- // version:-

Trust: 0.8

vendor:yithemes // model:yith-woocommerce-quick-view // scope:- // version:-

Trust: 0.8

vendor:yithemes // model:yith-woocommerce-request-a-quote // scope:- // version:-

Trust: 0.8

vendor:yithemes // model:yith-woocommerce-social-login // scope:- // version:-

Trust: 0.8

vendor:yithemes // model:yith-woocommerce-wishlist // scope:- // version:-

Trust: 0.8

vendor:yithemes // model:yith-woocommerce-zoom-magnifier // scope:- // version:-

Trust: 0.8

sources: JVNDB: JVNDB-2019-011623 // NVD: CVE-2019-16251

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-16251
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-16251
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201910-1900
value: MEDIUM

Trust: 0.6

VULHUB: VHN-148379
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-16251
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-16251
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-148379
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2019-16251
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2019-16251
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-148379 // VULMON: CVE-2019-16251 // JVNDB: JVNDB-2019-011623 // CNNVD: CNNVD-201910-1900 // NVD: CVE-2019-16251

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-269

Trust: 0.8

sources: JVNDB: JVNDB-2019-011623 // NVD: CVE-2019-16251

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-1900

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201910-1900

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011623

PATCH

title:Top Page // url:https://yithemes.com/

Trust: 0.8

sources: JVNDB: JVNDB-2019-011623

EXTERNAL IDS

db:NVD // id:CVE-2019-16251

Trust: 2.6

db:JVNDB // id:JVNDB-2019-011623

Trust: 0.8

db:CNNVD // id:CNNVD-201910-1900

Trust: 0.7

db:VULHUB // id:VHN-148379

Trust: 0.1

db:VULMON // id:CVE-2019-16251

Trust: 0.1

sources: VULHUB: VHN-148379 // VULMON: CVE-2019-16251 // JVNDB: JVNDB-2019-011623 // CNNVD: CNNVD-201910-1900 // NVD: CVE-2019-16251

REFERENCES

url:https://wpvulndb.com/vulnerabilities/9932

Trust: 2.6

url:https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-plugin-framework/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-16251

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16251

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-148379 // VULMON: CVE-2019-16251 // JVNDB: JVNDB-2019-011623 // CNNVD: CNNVD-201910-1900 // NVD: CVE-2019-16251

SOURCES

db:VULHUB // id:VHN-148379
db:VULMON // id:CVE-2019-16251
db:JVNDB // id:JVNDB-2019-011623
db:CNNVD // id:CNNVD-201910-1900
db:NVD // id:CVE-2019-16251

LAST UPDATE DATE

2024-11-23T23:04:37.006000+00:00


SOURCES UPDATE DATE

db:VULHUB // id:VHN-148379 // date:2020-08-24T00:00:00
db:VULMON // id:CVE-2019-16251 // date:2020-08-24T00:00:00
db:JVNDB // id:JVNDB-2019-011623 // date:2019-11-14T00:00:00
db:CNNVD // id:CNNVD-201910-1900 // date:2020-08-25T00:00:00
db:NVD // id:CVE-2019-16251 // date:2024-11-21T04:30:23.383

SOURCES RELEASE DATE

db:VULHUB // id:VHN-148379 // date:2019-10-31T00:00:00
db:VULMON // id:CVE-2019-16251 // date:2019-10-31T00:00:00
db:JVNDB // id:JVNDB-2019-011623 // date:2019-11-14T00:00:00
db:CNNVD // id:CNNVD-201910-1900 // date:2019-10-31T00:00:00
db:NVD // id:CVE-2019-16251 // date:2019-10-31T17:15:10.337