Description
WordPress Plugin YITH WooCommerce Bulk Product Editing is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently modify plugin options. WordPress Plugin YITH WooCommerce Bulk Product Editing version 1.2.13 is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 1.2.15 or the latest version.
References
https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-plugin-framework/
https://plugins.svn.wordpress.org/yith-woocommerce-bulk-product-editing/trunk/README.txt